cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lu, Boying" <>
Subject How to enable client-to-node encrypt communication with Astyanax cassandra client
Date Wed, 08 Oct 2014 09:46:47 GMT
Hi, All,

I'm trying to enable client-to-node encrypt communication in Cassandra (2.0.7) with Astyanax
client library (version=1.56.48)

I found the links about how to enable this feature:
But this only says how to set up in the server side, but not the client side.

Here is my configuration on the server side (in yaml):
    enabled: true
    keystore:  full-path-to-keystore-file   #same file used by Cassandra server
    keystore_password: some-password
    truststore: fullpath-to-truststore-file  #same file used by Cassandra server
    truststore_password: some-password
    # More advanced defaults below:
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA]
    require_client_auth: true
This link says something about client side, but not how to do it with the Astyanax client

Searching the Astyanax source codes, I found the class SSLConnectionContext maybe useful
And here is my code snippet:
AstyanaxContext<Cluster> clusterContext = new AstyanaxContext.Builder()
                .withAstyanaxConfiguration(new AstyanaxConfigurationImpl()
                        .setRetryPolicy(new QueryRetryPolicy(10, 1000)))
                .withConnectionPoolConfiguration(new ConnectionPoolConfigurationImpl(_clusterName)
                        .setSeeds(String.format("%1$s:%2$d", uri.getHost(),

But when I tried to connect to the Cassandra server, I got following error:
Caused by: org.apache.thrift.transport.TTransportException:
Remote host closed connection during handshake
        at org.apache.thrift.transport.TIOStreamTransport.flush(
        at org.apache.thrift.transport.TFramedTransport.flush(
        at org.apache.thrift.TServiceClient.sendBase(
        at org.apache.cassandra.thrift.Cassandra$Client.send_login(
        at org.apache.cassandra.thrift.Cassandra$Client.login(
        ... 6 more

It looks like that my SSL settings are incorrect.

Does anyone know how to resolve this issue?



View raw message