Re: Remote host closed connection during handshake SSL Cassandra 3.0.9

Wed, 31 Jan 2018 03:12:00 -0800 

java version ? TLSv1 disabled ? (TLSv1 should not be used any more, since it is 
outdated, but should work internally) 

Marcus Haarmann 


Von: "Jean Carlo" <jean.jeancar...@gmail.com> 
An: user@cassandra.apache.org 
Gesendet: Mittwoch, 31. Januar 2018 11:53:37 
Betreff: Remote host closed connection during handshake SSL Cassandra 3.0.9 

Hello! 

I have a problem enabling inter-node encryption in cassandra 3.0.9 

After I set my conf like that: 

server_encryption_options: 
internode_encryption: all 
keystore: /etc/certs/node1.keystore 
keystore_password: cassandra 
truststore: /etc/certs/node1.truststore 
truststore_password: cassandra 
# More advanced defaults below: 
protocol: TLSv1 
# algorithm: SunX509 
# store_type: JKS 
cipher_suites: [ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ] 
# require_client_auth: false 

I got this error all the time 

ERROR [ACCEPT-/node1] 2018-01-31 11:29:20,358 MessagingService.java:1081 - SSL 
handshake error for inbound connection from a8265dd[SSL_NULL_WITH_NULL_NULL: 
Socket[addr=/node2,port=40352,localport=7001]] 
javax.net.ssl.SSLHandshakeException: Remote host closed connection during 
handshake 
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992) 
~[na:1.8.0_92] 
at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) 
~[na:1.8.0_92] 
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928) 
~[na:1.8.0_92] 
at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) ~[na:1.8.0_92] 
at sun.security.ssl.AppInputStream.read(AppInputStream.java:71) ~[na:1.8.0_92] 
at java.io.DataInputStream.readInt(DataInputStream.java:387) ~[na:1.8.0_92] 
at 
org.apache.cassandra.net.MessagingService$SocketThread.run(MessagingService.java:1055)
 ~[apache-cassandra-3.0.9.jar:3.0.9] 
Caused by: java.io.EOFException: SSL peer shut down incorrectly 
at sun.security.ssl.InputRecord.read(InputRecord.java:505) ~[na:1.8.0_92] 
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) 
~[na:1.8.0_92] 
... 6 common frames omitted 


I think I tested the correctness of my certs using the command openssl s_client 
( or at least I think I did) 

user@node1 /home/user $ openssl s_client -connect node2:7001 -tls1 
CONNECTED(00000003) 
... 
SSL-Session: 
Protocol : TLSv1 
Cipher : ECDHE-RSA-AES256-SHA 
... 

So it seems I am using the right configuration but still having the 'SSL peer 
shut down incorrectly' error. Anyone have had this error before? 

best greetings 

Jean Carlo 

"The best way to predict the future is to invent it" Alan Kay

Reply via email to