Unable to Start Cassandra 2.0 with SSL
Question
I am trying to start Cassandra with SSL. My yam file has
server_encryption_options:
internode_encryption: all
keystore_password: changeme
truststore_password: changeme
truststore: /opt/certs/cassandra.truststore
keystore: /opt/certs/cassandra.keystore
# protocol: TLS
# algorithm: SunX509
# store_type: JKS
# cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
When I try to start cassandra I get exception
ERROR [main] 2014-06-12 22:29:18,844 CassandraDaemon.java (line 513) Exception encountered during startup
java.lang.RuntimeException: Unable to create thrift socket to /0.0.0.0:9160
at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:263)
at org.apache.cassandra.thrift.TServerCustomFactory.buildTServer(TServerCustomFactory.java:46)
at org.apache.cassandra.thrift.ThriftServer$ThriftServerThread.<init>(ThriftServer.java:130)
at org.apache.cassandra.thrift.ThriftServer.start(ThriftServer.java:56)
at org.apache.cassandra.service.CassandraDaemon.start(CassandraDaemon.java:449)
at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:509)
at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:585)
Caused by: org.apache.thrift.transport.TTransportException: Could not bind to port 9160
at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:117)
at org.apache.thrift.transport.TSSLTransportFactory.getServerSocket(TSSLTransportFactory.java:103)
at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:253)
... 6 more
Caused by: java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA with currently installed providers
at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
at sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(SSLServerSocketImpl.java:191)
at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:113)
... 8 more
I am using OpenJDK
# rpm -qa|grep java
java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.x86_64
I have copied the JCE security jar to /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/security
Please help me understand what is going wrong here.
2 answers
solution1
1 2014-11-07 21:51:01
The DataStax documentation ( http://www.datastax.com/documentation/datastax_enterprise/4.5/datastax_enterprise/install/installGUI.html ) says "NOT OpenJDK" - you need the Oracle version.
Also, need to provide the Oracle security jars if you're going to do client-to-node encryption. https://serverfault.com/questions/534614/cannot-bind-to-port-enabling-cassandra-client-encryption http://www.pathin.org/tutorials/java-cassandra-cannot-support-tls_rsa_with_aes_256_cbc_sha-with-currently-installed-providers/
solution2
1 2015-12-14 23:01:02
I got the same error and this article helped me solve it.
Specifically this part:
I think you can get round it by overriding the cipher suites for both node-to-node and client-node properties eg
cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.