Haven't personally followed this but give it a go:
http://lyubent.github.io/security/planetcassandra/2013/05/31/ssl-for-astyanax.html

On 8 October 2014 20:46, Lu, Boying <boying...@emc.com> wrote:

> Hi, All,
>
> I’m trying to enable client-to-node encrypted communication in Cassandra
> (2.0.7) with the Astyanax client library (version=1.56.48).
>
> I found the links about how to enable this feature:
>
> http://www.datastax.com/documentation/cassandra/2.0/cassandra/security/secureSSLClientToNode_t.html
>
> But this only says how to set it up on the server side, not the client
> side.
>
> Here is my configuration on the server side (in yaml):
>
> client_encryption_options:
>     enabled: true
>     keystore: full-path-to-keystore-file      # same file used by Cassandra server
>     keystore_password: some-password
>     truststore: fullpath-to-truststore-file   # same file used by Cassandra server
>     truststore_password: some-password
>     # More advanced defaults below:
>     # protocol: TLS
>     # algorithm: SunX509
>     # store_type: JKS
>     cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA]
>     require_client_auth: true
>
> http://www.datastax.com/dev/blog/accessing-secure-dse-clusters-with-cql-native-protocol
>
> This link says something about the client side, but not how to do it with the
> Astyanax client library.
>
> Searching the Astyanax source code, I found the class
> SSLConnectionContext, which may be useful.
>
> And here is my code snippet:
>
> AstyanaxContext<Cluster> clusterContext = new AstyanaxContext.Builder()
>         .forCluster(clusterName)
>         .forKeyspace(keyspaceName)
>         .withAstyanaxConfiguration(new AstyanaxConfigurationImpl()
>                 .setRetryPolicy(new QueryRetryPolicy(10, 1000)))
>         .withConnectionPoolConfiguration(new ConnectionPoolConfigurationImpl(_clusterName)
>                 .setMaxConnsPerHost(1)
>                 .setAuthenticationCredentials(credentials)
>                 .setSSLConnectionContext(sslContext)  // line highlighted in the original message
>                 .setSeeds(String.format("%1$s:%2$d", uri.getHost(),
>                         uri.getPort()))
>         )
>         .buildCluster(ThriftFamilyFactory.getInstance());
>
> But when I tried to connect to the Cassandra server, I got the following error:
>
> Caused by: org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
>         at org.apache.thrift.transport.TIOStreamTransport.flush(TIOStreamTransport.java:161)
>         at org.apache.thrift.transport.TFramedTransport.flush(TFramedTransport.java:158)
>         at org.apache.thrift.TServiceClient.sendBase(TServiceClient.java:65)
>         at org.apache.cassandra.thrift.Cassandra$Client.send_login(Cassandra.java:567)
>         at org.apache.cassandra.thrift.Cassandra$Client.login(Cassandra.java:559)
>         at com.netflix.astyanax.thrift.ThriftSyncConnectionFactoryImpl$ThriftConnection.open(ThriftSyncConnectionFactoryImpl.java:203)
>         ... 6 more
>
> It looks like my SSL settings are incorrect.
>
> Does anyone know how to resolve this issue?
>
> Thanks
>
> Boying
>



-- 

Ben Bromhead

Instaclustr | www.instaclustr.com | @instaclustr
<http://twitter.com/instaclustr> | +61 415 936 359
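
Added example, not part of the original thread and not Astyanax code: a JDK-only probe (JSSE, no Cassandra or Astyanax classes) that attempts the same TLS handshake as the client, using the JKS stores, the SunX509 algorithm and the cipher suite from the quoted cassandra.yaml, and presenting a client certificate because require_client_auth is true. The class name ClientTlsProbe and the KS_PASS/TS_PASS environment variables are hypothetical, and it assumes the key password equals the keystore password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class ClientTlsProbe {
    // Load a JKS store, matching the server's "store_type: JKS" default.
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Trust the server certificate via the truststore and, because the server sets
    // require_client_auth: true, offer a client certificate from the keystore.
    // Assumption: the private key password equals the keystore password.
    static SSLContext buildContext(String keystore, char[] ksPass,
                                   String truststore, char[] tsPass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(loadJks(keystore, ksPass), ksPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(loadJks(truststore, tsPass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: KS_PASS=... TS_PASS=... java ClientTlsProbe host port keystore truststore
    // (KS_PASS and TS_PASS are hypothetical names; they keep passwords off the command line.)
    public static void main(String[] a) throws Exception {
        SSLContext ctx = buildContext(a[2], System.getenv("KS_PASS").toCharArray(),
                                      a[3], System.getenv("TS_PASS").toCharArray());
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(a[0], Integer.parseInt(a[1]))) {
            // Same suite as cipher_suites in cassandra.yaml; the JVM's
            // jdk.tls.disabledAlgorithms security property must also permit it.
            s.setEnabledCipherSuites(new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"});
            s.startHandshake(); // throws SSLHandshakeException if negotiation fails
            System.out.println("handshake ok: " + s.getSession().getProtocol()
                    + " " + s.getSession().getCipherSuite());
            System.out.println("client cert sent: "
                    + (s.getSession().getLocalCertificates() != null));
        }
    }
}
```

A handshake that succeeds here but fails from the application points at the client library's SSL settings rather than at the stores or the server configuration.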
