I have finally tracked down the problem and I'm happy to say that this
is not a Cassandra problem. I found out that we have a custom security
provider installed on our servers and when I disabled that the problem
disappeared.
/Tommy
On 2018-01-19 14:40, Tommy Stendahl wrote:
I have continued the upgrade of the cluster using the default protocol
setting and after upgrading all nodes there were no problems switching
back to "TLSv1.2". But I will try to reproduce the problem using a ccm
cluster, I think that should be relatively easy, and when can try the
-Djavax.net.debug=ssl and see if we can get some good logs. It will
take a few days though.
Thanks for all help so far.
/Tommy
On 2018-01-17 22:18, Nate McCall wrote:
We use Oracle jdk1.8.0_152 on all nodes and as I understand
oracle use a dot in the protocol name (TLSv1.2) and I use the
same protocol name and cipher names in the 3.0.14 nodes and the
one I try to upgrade to 3.11.1.
I agree with Stefan's assessment and share his confusion. Would you
be willing to add the following to the startup options with the
explicitly configured "TLSv1.2" and post the results?
-Djavax.net.debug=ssl
That should provide additional detail on the SSL handshake.
