Hi All,

After enabling encryption on our Cassandra 1.2.8 nodes, we are receiving the error "Connection error: TSocket read 0 bytes" while attempting to use CQLsh to talk to the ring. I've followed the docs over at http://www.datastax.com/documentation/cassandra/1.2/webhelp/cassandra/security/secureCqlshSSL_t.html but can't seem to figure out why this isn't working. Inter-node communication seems to be working properly since "nodetool status" shows our nodes as up, but the CQLsh client is unable to talk to a single node or any node in the cluster (specifying the IP in .cqlshrc or on the CLI) for some reason. I'm providing the applicable config file entries below for review. Any insight or suggestions would be greatly appreciated! :)

My ~/.cqlshrc file:
============================================
[connection]
hostname = 127.0.0.1
port = 9160
factory = cqlshlib.ssl.ssl_transport_factory

[ssl]
certfile = /etc/cassandra/conf/cassandra_client.crt
validate = true ## Optional, true by default.

[certfiles] ## Optional section, overrides the default certfile in the [ssl] section.
192.168.1.3 = ~/keys/cassandra01.cert
192.168.1.4 = ~/keys/cassandra02.cert
============================================

Our cassandra.yaml file config blocks:
============================================
…snip…
server_encryption_options:
    internode_encryption: all
    keystore: /etc/cassandra/conf/.keystore
    keystore_password: yeah-right
    truststore: /etc/cassandra/conf/.truststore
    truststore_password: yeah-right
    # More advanced defaults below:
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
    # require_client_auth: false

# enable or disable client/server encryption.
client_encryption_options:
    enabled: true
    keystore: /etc/cassandra/conf/.keystore
    keystore_password: yeah-right
    # require_client_auth: false
    # Set trustore and truststore_password if require_client_auth is true
    # truststore: conf/.truststore
    # truststore_password: cassandra
    # More advanced defaults below:
    protocol: TLS
    algorithm: SunX509
    store_type: JKS
    cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
…snip...
============================================

Thanks,
-David Laube