bump. Any ideas? We're seeing the same issue on 2.0 as well. Thanks!
On Tue, Sep 3, 2013 at 2:20 PM, David Laube <d...@stormpath.com> wrote: > Hi All, > > After enabling encryption on our Cassandra 1.2.8 nodes, we receiving the > error "Connection error: TSocket read 0 bytes" while attempting to use CQLsh > to talk to the ring. I've followed the docs over at > http://www.datastax.com/documentation/cassandra/1.2/webhelp/cassandra/security/secureCqlshSSL_t.html > but can't seem to figure out why this isn't working. Inter-node > communication seems to be working properly since "nodetool status" shows our > nodes as up, but the CQLsh client is unable to talk to a single node or any > node in the cluster (specifying the IP in .cqlshrc or on the CLI) for some > reason. I'm providing the applicable config file entries below for review. > Any insight or suggestions would be greatly appreciated! :) > > > > My ~/.cqlshrc file: > ============================================ > > [connection] > hostname = 127.0.0.1 > port = 9160 > factory = cqlshlib.ssl.ssl_transport_factory > > [ssl] > certfile = /etc/cassandra/conf/cassandra_client.crt > validate = true ## Optional, true by default. > > [certfiles] ## Optional section, overrides the default certfile in the [ssl] > section. > 192.168.1.3 = ~/keys/cassandra01.cert > 192.168.1.4 = ~/keys/cassandra02.cert > ============================================ > > > > Our cassandra.yaml file config blocks: > ============================================ > …snip… > > server_encryption_options: > internode_encryption: all > keystore: /etc/cassandra/conf/.keystore > keystore_password: yeah-right > truststore: /etc/cassandra/conf/.truststore > truststore_password: yeah-right > # More advanced defaults below: > # protocol: TLS > # algorithm: SunX509 > # store_type: JKS > # cipher_suites: > [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA] > # require_client_auth: false > > # enable or disable client/server encryption. > client_encryption_options: > enabled: true > keystore: /etc/cassandra/conf/.keystore > keystore_password: yeah-right > # require_client_auth: false > # Set trustore and truststore_password if require_client_auth is true > # truststore: conf/.truststore > # truststore_password: cassandra > # More advanced defaults below: > protocol: TLS > algorithm: SunX509 > store_type: JKS > cipher_suites: > [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA] > > …snip... > ============================================ > > > > > Thanks, > -David Laube >
