Hi Ashwini, On all my nodes, I’m installing the additional jce policy https://support.datastax.com/hc/en-us/articles/204226129-Receiving-error-Caused-by-java-lang-IllegalArgumentException-Cannot-support-TLS-RSA-WITH-AES-256-CBC-SHA-with-currently-installed-providers-on-DSE-startup-after-setting-up-client-to-node-encryption
Then I’m generating one key / certificate on each of my node, exporting public part and store it in a truststore of other nodes and configure cassandra.yaml Datastax documentation is pretty clear : https://docs.datastax.com/en/cassandra/2.1/cassandra/security/secureSSLCertificates_t.html https://docs.datastax.com/en/cassandra/2.1/cassandra/security/secureSSLNodeToNode_t.html Hope its helps, Regards, De : Ashwini Mhatre (asmhatre) [mailto:[email protected]] Envoyé : mercredi 3 août 2016 12:25 À : [email protected] Cc : Keshava H P (kehp); PRABHJOT KAUR (prabhkau) Objet : Re: Issue in internode encryption in cassandra Hi, Is any one have any hint regarding node to node encryption . Regards, Ashwini Mhatre From: asmhatre <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Monday, 25 July 2016 at 4:15 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Issue in internode encryption in cassandra I am using internode encryption in cassandra, with self signed CA it works fine. but with other product CA m getting this error "Filtering out TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA as it isnt supported by the socket”
