incubator-cassandra-user mailing list archives

From David Laube <d...@stormpath.com>
Subject cqlsh error after enabling encryption
Date Tue, 03 Sep 2013 21:20:05 GMT
Hi All,

After enabling encryption on our Cassandra 1.2.8 nodes, we are receiving the error "Connection
error: TSocket read 0 bytes" while attempting to use CQLsh to talk to the ring. I've followed
the docs over at http://www.datastax.com/documentation/cassandra/1.2/webhelp/cassandra/security/secureCqlshSSL_t.html
but can't seem to figure out why this isn't working. Inter-node communication seems to be
working properly since "nodetool status" shows our nodes as up, but the CQLsh client is unable
to talk to a single node or any node in the cluster (specifying the IP in .cqlshrc or on the
CLI) for some reason. I'm providing the applicable config file entries below for review. Any
insight or suggestions would be greatly appreciated! :)



My ~/.cqlshrc file:
============================================

[connection]
hostname = 127.0.0.1
port = 9160
factory = cqlshlib.ssl.ssl_transport_factory

[ssl]
certfile = /etc/cassandra/conf/cassandra_client.crt
validate = true ## Optional, true by default.

[certfiles] ## Optional section, overrides the default certfile in the [ssl] section.
192.168.1.3 = ~/keys/cassandra01.cert
192.168.1.4 = ~/keys/cassandra02.cert
============================================



Our cassandra.yaml file config blocks:
============================================
…snip…

server_encryption_options:
    internode_encryption: all
    keystore: /etc/cassandra/conf/.keystore
    keystore_password: yeah-right
    truststore: /etc/cassandra/conf/.truststore
    truststore_password: yeah-right
    # More advanced defaults below:
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
    # require_client_auth: false

# enable or disable client/server encryption.
client_encryption_options:
    enabled: true
    keystore: /etc/cassandra/conf/.keystore
    keystore_password: yeah-right
    # require_client_auth: false
    # Set trustore and truststore_password if require_client_auth is true
    # truststore: conf/.truststore
    # truststore_password: cassandra
    # More advanced defaults below:
    protocol: TLS
    algorithm: SunX509
    store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]

…snip...
============================================




Thanks,
-David Laube

