Hi,
I have problems upgrading a cluster from 3.0.14 to 3.11.1 but when I
upgrade the first node it fails to gossip.
I have server encryption enabled on all nodes with this setting:
server_encryption_options:
internode_encryption: all
keystore: /usr/share/cassandra/.ssl/server/keystore.jks
keystore_password: 'xxxxxxxxxxxxx'
truststore: /usr/share/cassandra/.ssl/server/truststore.jks
truststore_password: 'xxxxxxxxxxxxx'
protocol: TLSv1.2
cipher_suites:
[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA]
I get this error in the log:
2018-01-16T14:41:19.671+0100 ERROR [ACCEPT-/10.61.204.16]
MessagingService.java:1329 SSL handshake error for inbound connection
from 30f93bf4[SSL_NULL_WITH_NULL_NULL:
Socket[addr=/x.x.x.x,port=40583,localport=7001]]
javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
at
sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:637)
~[na:1.8.0_152]
at sun.security.ssl.InputRecord.read(InputRecord.java:527)
~[na:1.8.0_152]
at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
~[na:1.8.0_152]
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
~[na:1.8.0_152]
at
sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:938)
~[na:1.8.0_152]
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
~[na:1.8.0_152]
at sun.security.ssl.AppInputStream.read(AppInputStream.java:71)
~[na:1.8.0_152]
at java.io.DataInputStream.readInt(DataInputStream.java:387)
~[na:1.8.0_152]
at
org.apache.cassandra.net.MessagingService$SocketThread.run(MessagingService.java:1303)
~[apache-cassandra-3.11.1.jar:3.11.1]
I suspect that this has something to do with the change in
CASSANDRA-10508. Any suggestions on how to get around this would be very
much appreciated.
Thanks, /Tommy
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@cassandra.apache.org
For additional commands, e-mail: user-h...@cassandra.apache.org
