cassandra-user mailing list archives

From Sameer Farooqui <cassandral...@gmail.com>
Subject Re: How to configure internode encryption in 0.8.0?
Date Thu, 19 May 2011 22:29:40 GMT
Thanks, Jeremy!

Nirmal, any advice on how to generate the key/trust stores with the correct
cipher?

- Sameer


On Wed, May 18, 2011 at 8:10 AM, Jeremy Hanna <jeremy.hanna1234@gmail.com> wrote:

> I'll CC Nirmal Ranganathan who implemented the internode encryption who
> might be able to give you some advice on this.
>
> On May 17, 2011, at 7:47 PM, Sameer Farooqui wrote:
>
> > Thanks for the link, Jeremy.
> >
> > I generated the keystore and truststore for inter-node communication using the link in the YAML file:
> >
> > http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
> >
> > Unfortunately, the default instructions in the above link used TLS_RSA_WITH_AES_256_CBC_SHA. So, when I start Cassandra now, I get this error:
> >
> > ERROR 00:10:38,734 Exception encountered during startup.
> > java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA       with currently installed providers
> >         at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(CipherSuiteList.java:79)
> >         at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledCipherSuites(SSLServerSocketImpl.java:166)
> >         at org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.java:55)
> >
> >
> > The YAML file states that the cipher suite for authentication should be: TLS_RSA_WITH_AES_128_CBC_SHA.
> >
> > This is my first time using keytool and I've searched the web to see how I can change the cipher from AES_256 to AES_128, but haven't found the answer.
> >
> > Anyone know how to change the cipher to AES_128?
> >
> > Here are the commands I used to generate the non-working keystore and truststore:
> >
> > 1) keytool -genkeypair -alias jdoe -keyalg RSA -validity 7 -keystore .keystore
> > 2) keytool -list -v -keystore .keystore
> > 3) keytool -export -alias jdoe -keystore .keystore -rfc -file jdoe.cer
> > 4) cat jdoe.cer
> > 5) keytool -import -alias jdoecert -file jdoe.cer -keystore .truststore
> > 6) keytool -list -v -keystore .truststore
> >
> >
> > - Sameer
> >
> > On Mon, May 16, 2011 at 5:35 PM, Jeremy Hanna <jeremy.hanna1234@gmail.com> wrote:
> > Take a look at cassandra.yaml in your 0.8 download at the very bottom. There are docs and examples there.
> > e.g. http://svn.apache.org/repos/asf/cassandra/tags/cassandra-0.8.0-beta2/conf/cassandra.yaml
> >
> > On May 16, 2011, at 6:36 PM, Sameer Farooqui wrote:
> >
> > > I understand that 0.8.0 has configurable internode encryption (CASSANDRA-1567, 2152).
> > >
> > > I haven't been able to find any info on how to configure it though on this mailing list or the Datastax website.
> > >
> > > Can somebody point me towards how to set this up?
> > >
> > > - Sameer
> >
> >
>
>
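
Added example, not part of the original thread or of Cassandra's code: the exception in the quoted trace is raised by SSLServerSocketImpl.setEnabledCipherSuites, so a small Java check of which suite names the running JVM's default JSSE factory supports, and of the AES key length its policy allows, shows whether a configured suite can be enabled before the node is started. The class name CipherSuiteCheck and the default suite list are assumptions for illustration; it also flags names that match only after surrounding whitespace is trimmed.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.crypto.Cipher;
import javax.net.ssl.SSLServerSocketFactory;

// Hypothetical diagnostic class (added example, not Cassandra code).
public class CipherSuiteCheck {

    // Returns, per requested name, "supported", "supported after trim"
    // (the name carries stray whitespace) or "NOT supported".
    static Map<String, String> check(String[] requested) {
        SSLServerSocketFactory factory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        Set<String> supported =
            new HashSet<String>(Arrays.asList(factory.getSupportedCipherSuites()));
        Map<String, String> result = new LinkedHashMap<String, String>();
        for (String name : requested) {
            if (supported.contains(name)) {
                result.put(name, "supported");
            } else if (supported.contains(name.trim())) {
                result.put(name, "supported after trim");
            } else {
                result.put(name, "NOT supported");
            }
        }
        return result;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Pass a comma-separated list, or fall back to the two suites named in the thread.
        String[] requested = args.length > 0
            ? args[0].split(",")
            : new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"};

        // Key-length ceiling imposed by the JVM's installed JCE policy.
        System.out.println("Max allowed AES key length (bits): "
            + Cipher.getMaxAllowedKeyLength("AES"));

        boolean allOk = true;
        for (Map.Entry<String, String> e : check(requested).entrySet()) {
            System.out.println("[" + e.getKey() + "] " + e.getValue());
            allOk &= e.getValue().equals("supported");
        }
        System.exit(allOk ? 0 : 1); // non-zero exit if any suite cannot be enabled as written
    }
}
```

Run it with the same JVM that starts Cassandra, since the supported list depends on that JVM's providers and policy files.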
