Hi Marcus >java version ? We use oracle-java8-jre the version 8u92.
>TLSv1 disabled ? No it is not disable. We tried also with the version 1.2 Saludos Jean Carlo "The best way to predict the future is to invent it" Alan Kay On Wed, Jan 31, 2018 at 12:11 PM, Marcus Haarmann <marcus.haarm...@midoco.de > wrote: > java version ? TLSv1 disabled ? (TLSv1 should not be used any more, since > it is outdated, but should work internally) > > Marcus Haarmann > > ------------------------------ > *Von: *"Jean Carlo" <jean.jeancar...@gmail.com> > *An: *user@cassandra.apache.org > *Gesendet: *Mittwoch, 31. Januar 2018 11:53:37 > *Betreff: *Remote host closed connection during handshake SSL Cassandra > 3.0.9 > > Hello! > > I have a problem enabling inter-node encryption in cassandra 3.0.9 > > After I set my conf like that: > > server_encryption_options: > internode_encryption: all > keystore: /etc/certs/node1.keystore > keystore_password: cassandra > truststore: /etc/certs/node1.truststore > truststore_password: cassandra > # More advanced defaults below: > protocol: *TLSv1* > # algorithm: SunX509 > # store_type: JKS > cipher_suites: [*TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA*] > # require_client_auth: false > > I got this error all the time > > ERROR [ACCEPT-/node1] 2018-01-31 11:29:20,358 MessagingService.java:1081 - > SSL handshake error for inbound connection from > a8265dd[SSL_NULL_WITH_NULL_NULL: > Socket[addr=/node2,port=40352,localport=7001]] > javax.net.ssl.SSLHandshakeException: Remote host closed connection during > handshake > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992) > ~[na:1.8.0_92] > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) > ~[na:1.8.0_92] > at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928) > ~[na:1.8.0_92] > at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) > ~[na:1.8.0_92] > at sun.security.ssl.AppInputStream.read(AppInputStream.java:71) > ~[na:1.8.0_92] > at java.io.DataInputStream.readInt(DataInputStream.java:387) > ~[na:1.8.0_92] > at org.apache.cassandra.net.MessagingService$SocketThread. > run(MessagingService.java:1055) ~[apache-cassandra-3.0.9.jar:3.0.9] > Caused by: java.io.EOFException: SSL peer shut down incorrectly > at sun.security.ssl.InputRecord.read(InputRecord.java:505) > ~[na:1.8.0_92] > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) > ~[na:1.8.0_92] > ... 6 common frames omitted > > > I think I tested the correctness of my certs using the command openssl > s_client ( or at least I think I did) > > user@node1 /home/user $ openssl s_client -connect node2:7001 -tls1 > CONNECTED(00000003) > ... > SSL-Session: > Protocol : *TLSv1* > Cipher : *ECDHE-RSA-AES256-SHA* > ... > > So it seems I am using the right configuration but still having the 'SSL > peer shut down incorrectly' error. Anyone have had this error before? > > best greetings > > Jean Carlo > > "The best way to predict the future is to invent it" Alan Kay > >
