cassandra-user mailing list archives

From "Lu, Boying" <Boying...@emc.com>
Subject How to enable client-to-node encrypt communication with Astyanax cassandra client
Date Wed, 08 Oct 2014 09:46:47 GMT
Hi, All,

I'm trying to enable client-to-node encrypted communication in Cassandra (2.0.7) with the Astyanax
client library (version=1.56.48).

I found this link about how to enable this feature:
http://www.datastax.com/documentation/cassandra/2.0/cassandra/security/secureSSLClientToNode_t.html
But it only says how to set this up on the server side, not the client side.

Here is my configuration on the server side (in yaml):
client_encryption_options:
    enabled: true
    keystore:  full-path-to-keystore-file   #same file used by Cassandra server
    keystore_password: some-password
    truststore: fullpath-to-truststore-file  #same file used by Cassandra server
    truststore_password: some-password
    # More advanced defaults below:
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA]
    require_client_auth: true

http://www.datastax.com/dev/blog/accessing-secure-dse-clusters-with-cql-native-protocol
This link says something about the client side, but not how to do it with the Astyanax client
library.

Searching the Astyanax source code, I found that the class SSLConnectionContext may be useful.
Here is my code snippet:
AstyanaxContext<Cluster> clusterContext = new AstyanaxContext.Builder()
                .forCluster(clusterName)
                .forKeyspace(keyspaceName)
                .withAstyanaxConfiguration(new AstyanaxConfigurationImpl()
                        .setRetryPolicy(new QueryRetryPolicy(10, 1000)))
                .withConnectionPoolConfiguration(new ConnectionPoolConfigurationImpl(_clusterName)
                        .setMaxConnsPerHost(1)
                        .setAuthenticationCredentials(credentials)
                        .setSSLConnectionContext(sslContext)
                        .setSeeds(String.format("%1$s:%2$d", uri.getHost(),
                                uri.getPort()))
                )
                .buildCluster(ThriftFamilyFactory.getInstance());

But when I tried to connect to the Cassandra server, I got the following error:
Caused by: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException:
Remote host closed connection during handshake
        at org.apache.thrift.transport.TIOStreamTransport.flush(TIOStreamTransport.java:161)
        at org.apache.thrift.transport.TFramedTransport.flush(TFramedTransport.java:158)
        at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:65)
        at org.apache.cassandra.thrift.Cassandra$Client.send_login(Cassandra.java:567)
        at org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:559)
        at com.netflix.astyanax.thrift.ThriftSyncConnectionFactoryImpl$ThriftConnection.open(ThriftSyncConnectionFactoryImpl.java:203)
        ... 6 more

It looks like my SSL settings are incorrect.

Does anyone know how to resolve this issue?

Thanks

Boying
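
An added example, not part of the original message and not Astyanax code: a stand-alone JSSE probe that performs the same TLS handshake outside the client library, presenting a client certificate as a server with require_client_auth: true requests, and offering only the cipher suite from the yaml above. The class name TlsProbe, the STORE_PASSWORD environment variable, the command-line arguments, and the key password being equal to the store password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical helper, not from the post or from Astyanax).
// Usage: STORE_PASSWORD=... java TlsProbe <host> <port> <keystore.jks> <truststore.jks>
public class TlsProbe {
    // Load a JKS store; JKS is the commented default store_type in the yaml.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        // Read the password from the environment so it stays out of the process list.
        char[] password = System.getenv("STORE_PASSWORD").toCharArray();

        // Key material: the certificate this client presents when the server
        // asks for one. Assumes the key password equals the store password.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(load(args[2], password), password);

        // Trust material: the certificates this client accepts from the server.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(args[3], password));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // Offer only the suite listed under cipher_suites on the server. A JDK whose
            // jdk.tls.disabledAlgorithms property excludes this suite will refuse it.
            socket.setEnabledCipherSuites(new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"});
            socket.startHandshake(); // throws SSLHandshakeException on failure
            System.out.println("Handshake OK: " + socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite());
        }
    }
}
```

Running it with -Djavax.net.debug=ssl,handshake prints each handshake message, including the server's certificate request and the certificate chain the client sends in reply.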
