Yes, Server uses the encryption client-node and server-server both and running fine with JDKSSL options but problem is with NettySSLOptions.
On Tue, Jun 19, 2018 at 7:04 PM, Jonathan Haddad <j...@jonhaddad.com> wrote: > Is the server configured to use encryption? > > On Tue, Jun 19, 2018 at 3:59 AM Jahar Tyagi <jaharty...@gmail.com> wrote: > >> Hi, >> >> I referred to this link https://docs.datastax. >> com/en/developer/java-driver/3.0/manual/ssl/ >> <https://docs.datastax.com/en/developer/java-driver/3.0/manual/ssl/> to >> implement a simple Cassandra client using datastax driver 3.0.0 on SSL with >> OpenSSL options but unable to run it. >> >> Getting generic exception as " >> *com.datastax.driver.core.exceptions.NoHostAvailableException" >> *at line >> mySession = myCluster.connect(); >> >> *Code snippet to setup cluster connection is below.* >> >> public void connectToCluster() >> { >> String[] theCassandraHosts = {"myip"}; >> myCluster = >> >> Cluster.builder().withSSL(getSSLOption()).withReconnectionPolicy(new >> ConstantReconnectionPolicy(2000)).addContactPoints( >> theCassandraHosts).withPort(10742) >> .withCredentials("username", "password"). >> withLoadBalancingPolicy(DCAwareRoundRobinPolicy.builder().build()) >> .withSocketOptions(new SocketOptions(). >> setConnectTimeoutMillis(800).setKeepAlive(true)).build(); >> try { >> mySession = myCluster.connect(); >> } >> catch(Exception e) { >> e.printStackTrace(); >> } >> System.out.println("Session Established"); >> } >> >> >> private SSLOptions getSSLOption() >> { >> InputStream trustStore = null; >> try >> { >> String theTrustStorePath = "/var/opt/SecureInterface/ >> myTrustStore.jks"; >> String theTrustStorePassword = "mypassword"; >> List<String> theCipherSuites = new ArrayList<String>(); >> theCipherSuites.add("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"); >> KeyStore ks = KeyStore.getInstance("JKS"); >> * trustStore = new FileInputStream(theTrustStorePath);* >> ks.load(trustStore, theTrustStorePassword.toCharArray()); >> TrustManagerFactory tmf = TrustManagerFactory.getInstance( >> TrustManagerFactory.getDefaultAlgorithm()); >> tmf.init(ks); >> SslContextBuilder builder = >> SslContextBuilder.forClient() >> .sslProvider(SslProvider.OPENSSL) >> .trustManager(tmf) >> .ciphers(theCipherSuites) >> // only if you use client authentication >> .keyManager(new File("/var/opt/ >> SecureInterface/keystore/Cass.crt"), >> new File("/var/opt/vs/ >> SecureInterface/keystore/Cass_enc.key")); >> SSLOptions sslOptions = new NettySSLOptions(builder.build()); >> return sslOptions; >> } >> catch (Exception e) >> { >> e.printStackTrace(); >> } >> finally >> { >> try >> { >> trustStore.close(); >> } >> catch (IOException e) >> { >> e.printStackTrace(); >> } >> } >> return null; >> } >> >> Cassandra server is running fine with client and server encryption >> options. Moreover I am able to run my client using JdkSSLOptions but have >> problem with NettySSLOptions. >> >> Has anyone implemented the NettySSLOptions for Cassandra client >> application? >> >> >> Regards, >> Jahar Tyagi >> > -- > Jon Haddad > http://www.rustyrazorblade.com > twitter: rustyrazorblade >
