Re: How to configure internode encryption in 0.8.0?

Tue, 17 May 2011 17:48:03 -0700 

Thanks for the link, Jeremy.

I generated the keystore and truststore for inter-node communication using
the link in the YAML file:
http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore

<http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore>Unfortunately,
the default instructions in the above link
used TLS_RSA_WITH_AES_256_CBC_SHA. So, when I start Cassandra now, I get
this error:

ERROR 00:10:38,734 Exception encountered during startup.
java.lang.IllegalArgumentException: Cannot support
TLS_RSA_WITH_AES_256_CBC_SHA       with currently installed providers
        at
com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(CipherSuiteList.j
 ava:79)
        at
com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledCipherSuit
 es(SSLServerSocketImpl.java:166)
        at
org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.j
 ava:55)


The YAML file states that the cipher suite for authentication should
be: TLS_RSA_WITH_AES_128_CBC_SHA.

This is my first time using keytool and I've searched the web to see how I
can change the cipher from AES_256 to AES_128, but haven't found the answer.

Anyone know how to change the cipher to AES_128?

Here are the commands I used to generate the non-working keystore and
truststore:

1) keytool -genkeypair -alias jdoe -keyalg RSA -validity 7 -keystore
.keystore
2) keytool -list -v -keystore .keystore
3) keytool -export -alias jdoe -keystore .keystore -rfc -file jdoe.cer
4) cat jdoe.cer
5) keytool -import -alias jdoecert -file jdoe.cer -keystore .truststore
6) keytool -list -v -keystore .truststore


- Sameer

On Mon, May 16, 2011 at 5:35 PM, Jeremy Hanna <jeremy.hanna1...@gmail.com>wrote:

> Take a look at cassandra.yaml in your 0.8 download at the very bottom.
>  There are docs and examples there.
> e.g.
> http://svn.apache.org/repos/asf/cassandra/tags/cassandra-0.8.0-beta2/conf/cassandra.yaml
>
> On May 16, 2011, at 6:36 PM, Sameer Farooqui wrote:
>
> > I understand that 0.8.0 has configurable internode encryption
> (CASSANDRA-1567, 2152).
> >
> > I haven't been able to find any info on how to configure it though on
> this mailing list or the Datastax website.
> >
> > Can somebody point me towards how to set this up?
> >
> > - Sameer
>
>

Reply via email to