Hello!

I have a problem enabling inter-node encryption in Cassandra 3.0.9.

After I set my conf like this:

server_encryption_options:
    internode_encryption: all
    keystore: /etc/certs/node1.keystore
    keystore_password: cassandra
    truststore: /etc/certs/node1.truststore
    truststore_password: cassandra
    # More advanced defaults below:
    protocol: TLSv1
    # algorithm: SunX509
    # store_type: JKS
    cipher_suites: [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
    # require_client_auth: false

I got this error all the time:

ERROR [ACCEPT-/node1] 2018-01-31 11:29:20,358 MessagingService.java:1081 - SSL handshake error for inbound connection from a8265dd[SSL_NULL_WITH_NULL_NULL: Socket[addr=/node2,port=40352,localport=7001]]
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928) ~[na:1.8.0_92]
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) ~[na:1.8.0_92]
    at sun.security.ssl.AppInputStream.read(AppInputStream.java:71) ~[na:1.8.0_92]
    at java.io.DataInputStream.readInt(DataInputStream.java:387) ~[na:1.8.0_92]
    at org.apache.cassandra.net.MessagingService$SocketThread.run(MessagingService.java:1055) ~[apache-cassandra-3.0.9.jar:3.0.9]
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:505) ~[na:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) ~[na:1.8.0_92]
    ... 6 common frames omitted


I think I tested the correctness of my certs using the command openssl
s_client (or at least I think I did):

user@node1 /home/user $ openssl s_client -connect node2:7001 -tls1
CONNECTED(00000003)
...
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
...

So it seems I am using the right configuration, but I am still having the 'SSL
peer shut down incorrectly' error. Has anyone had this error before?

best greetings

Jean Carlo

"The best way to predict the future is to invent it" Alan Kay
