Samphel Norden created CASSANDRA-7585: -----------------------------------------
Summary: cassandra sstableloader connection refused with inter_node_encryption Key: CASSANDRA-7585 URL: https://issues.apache.org/jira/browse/CASSANDRA-7585 Project: Cassandra Issue Type: Bug Components: Core, Tools Reporter: Samphel Norden cassandra sstableloader connection refused with inter_node_encryption When using sstableloader to import tables (cassandra 2.0.5) with inter-node encryption and client encryption enabled, I get a connection refused error I am using sstableloader -d $myhost -p 9160 -u cassandra -pw cassandra -ciphers TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -st JKS -tf org.apache.cassandra.thrift.SSLTransportFactory -ts /path/to/truststore -tspw <passwd> $fullpath/$table Errors out with Streaming session ID: 1bc395c0-fbb2-11e3-9812-73da15121373 WARN 17:13:34,147 Failed attempt 1 to connect to Similar problem reported in cassandra 2.0.8 by another user http://stackoverflow.com/questions/24390604/cassandra-sstableloader-connection-refused-with-inter-node-encryption ================== Relevant cassandra.yaml snippet (with obfuscation) server_encryption_options: internode_encryption: all keystore:/path/to/keystore keystore_password: <passwd> truststore:/path/to/truststore truststore_password:<passwd> # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] require_client_auth: true # enable or disable client/server encryption. client_encryption_options: enabled: true keystore: /path/to/keystore keystore_password: <truststorepasswd> #require_client_auth: true # Set trustore and truststore_password if require_client_auth is true truststore:/path/to/truststore truststore_password: <truststorepasswd> # More advanced defaults below: protocol: TLS algorithm: SunX509 store_type: JKS cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] ====================== Note that by setting inter-node encryption to "none" sstableloader works.. but setting it to "all" fails... It seems like sstableloader uses 7000 is my guess instead of using the ssl port 7001 for streaming/gossip. -- This message was sent by Atlassian JIRA (v6.2#6252)