Your best bet is to use 256-bit AES via "TLS_RSA_WITH_AES_256_CBC_SHA" since that is (usually) hardware accelerated on recent CPUs.

The security page on the docs site has a lot of good information:
http://cassandra.apache.org/doc/latest/operating/security.html

The above contains a link to the following that is worth calling out directly based on your question:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/FIPS.html

If you want to know more about the implementation, the config eventually is passed through Netty's io.netty.handler.ssl.SslHandler (https://github.com/apache/cassandra/blob/cassandra-3.0/src/java/org/apache/cassandra/transport/Server.java#L367) which is itself well documented regarding connection lifecycle:
https://netty.io/4.0/api/io/netty/handler/ssl/SslHandler.html

On Sat, Sep 3, 2016 at 10:44 AM, Eric Ho <e...@analyticsmd.com> wrote:
> I'm trying to enable SSL (internode + client).
> But I need to specify the suites but I don't know which ones are supported by C*..
> Any pointers much appreciated.
> thx
>
> --
> -eric ho

--
-----------------
Nate McCall
Wellington, NZ
@zznate

CTO
Apache Cassandra Consulting
http://www.thelastpickle.com
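
Since the cipher suite list ends up in the JVM's TLS stack, one way to see which suites a node can use is to ask that JVM directly. The following is an added example, not part of the original thread or of Cassandra's code; it assumes Cassandra uses the JDK's default JSSE provider and that the check is run with the same JVM as the node, and the class name CipherSuiteCheck is hypothetical.

```java
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

/** Added example (hypothetical class): checks requested TLS suites against this JVM. */
public class CipherSuiteCheck {

    /** Returns the requested suites that the default JSSE provider does not support. */
    static Set<String> unsupported(String[] requested) throws Exception {
        SSLParameters supported = SSLContext.getDefault().getSupportedSSLParameters();
        Set<String> missing = new LinkedHashSet<>(Arrays.asList(requested));
        missing.removeAll(Arrays.asList(supported.getCipherSuites()));
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Default to the suite named in the reply; pass other suite names as arguments.
        String[] requested = args.length > 0 ? args
                : new String[] {"TLS_RSA_WITH_AES_256_CBC_SHA"};

        // Older Java 8 builds ship a limited JCE policy that caps AES at 128 bits,
        // in which case AES_256 suites are reported as not supported below.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max AES key length allowed by JCE policy: " + maxAes);

        // Suites the JVM enables by default, to distinguish them from supported-only ones.
        SSLParameters defaults = SSLContext.getDefault().getDefaultSSLParameters();
        Set<String> enabled = new LinkedHashSet<>(Arrays.asList(defaults.getCipherSuites()));
        Set<String> missing = unsupported(requested);

        for (String suite : requested) {
            String state = missing.contains(suite) ? "NOT SUPPORTED"
                    : enabled.contains(suite) ? "supported, enabled by default"
                    : "supported, disabled by default";
            System.out.println(suite + ": " + state);
        }
        // Non-zero exit lets a deployment script fail before the node is started.
        System.exit(missing.isEmpty() ? 0 : 1);
    }
}
```

Suites that pass this check are the ones to list under `cipher_suites` in the `server_encryption_options` and `client_encryption_options` sections of cassandra.yaml.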