无法使用SSL启动Cassandra 2.0 [英] Unable to Start Cassandra 2.0 with SSL

问题描述

我正在尝试使用SSL启动Cassandra。我的yam文件具有

I am trying to start Cassandra with SSL. My yam file has

server_encryption_options:
    internode_encryption: all
    keystore_password: changeme
    truststore_password: changeme
    truststore:  /opt/certs/cassandra.truststore
    keystore: /opt/certs/cassandra.keystore
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]

当我尝试启动cassandra时出现异常

When I try to start cassandra I get exception

ERROR [main] 2014-06-12 22:29:18,844 CassandraDaemon.java (line 513) Exception encountered during startup
java.lang.RuntimeException: Unable to create thrift socket to /0.0.0.0:9160
    at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:263)
    at org.apache.cassandra.thrift.TServerCustomFactory.buildTServer(TServerCustomFactory.java:46)
    at org.apache.cassandra.thrift.ThriftServer$ThriftServerThread.<init>(ThriftServer.java:130)
    at org.apache.cassandra.thrift.ThriftServer.start(ThriftServer.java:56)
    at org.apache.cassandra.service.CassandraDaemon.start(CassandraDaemon.java:449)
    at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:509)
    at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:585)
Caused by: org.apache.thrift.transport.TTransportException: Could not bind to port 9160
    at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:117)
    at org.apache.thrift.transport.TSSLTransportFactory.getServerSocket(TSSLTransportFactory.java:103)
    at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:253)
    ... 6 more
Caused by: java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA with currently installed providers
    at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
    at sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(SSLServerSocketImpl.java:191)
    at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:113)
    ... 8 more

我正在使用OpenJDK

I am using OpenJDK

# rpm -qa|grep java
java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.x86_64

我已将JCE安全罐复制到/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/security

I have copied the JCE security jar to /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/security

请帮助我了解这里出了什么问题。

Please help me understand what is going wrong here.

推荐答案

I遇到了相同的错误，并且此文章帮我解决了这个问题。

I got the same error and this article helped me solve it.

特别是这一部分：

我认为您可以通过重写密码来解决它节点到节点和客户端节点属性的套件，例如

I think you can get round it by overriding the cipher suites for both node-to-node and client-node properties e.g.

cipher_suites：[TLS_RSA_WITH_AES_128_CBC_SHA]

cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA]

这篇关于无法使用SSL启动Cassandra 2.0的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！