incubator-cassandra-user mailing list archives

From Les Hazlewood <lhazlew...@apache.org>
Subject Re: cqlsh error after enabling encryption
Date Wed, 11 Sep 2013 16:52:52 GMT
bump.  Any ideas?  We're seeing the same issue on 2.0 as well.

Thanks!

On Tue, Sep 3, 2013 at 2:20 PM, David Laube <dave@stormpath.com> wrote:
> Hi All,
>
> After enabling encryption on our Cassandra 1.2.8 nodes, we are receiving the
> error "Connection error: TSocket read 0 bytes" while attempting to use CQLsh
> to talk to the ring. I've followed the docs over at
> http://www.datastax.com/documentation/cassandra/1.2/webhelp/cassandra/security/secureCqlshSSL_t.html
> but can't seem to figure out why this isn't working. Inter-node
> communication seems to be working properly since "nodetool status" shows our
> nodes as up, but the CQLsh client is unable to talk to a single node or any
> node in the cluster (specifying the IP in .cqlshrc or on the CLI) for some
> reason. I'm providing the applicable config file entries below for review.
> Any insight or suggestions would be greatly appreciated! :)
>
>
>
> My ~/.cqlshrc file:
> ============================================
>
> [connection]
> hostname = 127.0.0.1
> port = 9160
> factory = cqlshlib.ssl.ssl_transport_factory
>
> [ssl]
> certfile = /etc/cassandra/conf/cassandra_client.crt
> validate = true ## Optional, true by default.
>
> [certfiles] ## Optional section, overrides the default certfile in the [ssl] section.
> 192.168.1.3 = ~/keys/cassandra01.cert
> 192.168.1.4 = ~/keys/cassandra02.cert
> ============================================
>
>
>
> Our cassandra.yaml file config blocks:
> ============================================
> …snip…
>
> server_encryption_options:
>     internode_encryption: all
>     keystore: /etc/cassandra/conf/.keystore
>     keystore_password: yeah-right
>     truststore: /etc/cassandra/conf/.truststore
>     truststore_password: yeah-right
>     # More advanced defaults below:
>     # protocol: TLS
>     # algorithm: SunX509
>     # store_type: JKS
>     # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
>     # require_client_auth: false
>
> # enable or disable client/server encryption.
> client_encryption_options:
>     enabled: true
>     keystore: /etc/cassandra/conf/.keystore
>     keystore_password: yeah-right
>     # require_client_auth: false
>     # Set truststore and truststore_password if require_client_auth is true
>     # truststore: conf/.truststore
>     # truststore_password: cassandra
>     # More advanced defaults below:
>     protocol: TLS
>     algorithm: SunX509
>     store_type: JKS
>     cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
>
> …snip...
> ============================================
>
>
>
>
> Thanks,
> -David Laube
>
