Question

我正在尝试使用SSL启动Cassandra。我的山药文件有

server_encryption_options:
    internode_encryption: all
    keystore_password: changeme
    truststore_password: changeme
    truststore:  /opt/certs/cassandra.truststore
    keystore: /opt/certs/cassandra.keystore
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]

当我尝试启动cassandra时，我得到了异常

ERROR [main] 2014-06-12 22:29:18,844 CassandraDaemon.java (line 513) Exception encountered during startup
java.lang.RuntimeException: Unable to create thrift socket to /0.0.0.0:9160
    at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:263)
    at org.apache.cassandra.thrift.TServerCustomFactory.buildTServer(TServerCustomFactory.java:46)
    at org.apache.cassandra.thrift.ThriftServer$ThriftServerThread.<init>(ThriftServer.java:130)
    at org.apache.cassandra.thrift.ThriftServer.start(ThriftServer.java:56)
    at org.apache.cassandra.service.CassandraDaemon.start(CassandraDaemon.java:449)
    at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:509)
    at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:585)
Caused by: org.apache.thrift.transport.TTransportException: Could not bind to port 9160
    at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:117)
    at org.apache.thrift.transport.TSSLTransportFactory.getServerSocket(TSSLTransportFactory.java:103)
    at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:253)
    ... 6 more
Caused by: java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA with currently installed providers
    at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
    at sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(SSLServerSocketImpl.java:191)
    at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:113)
    ... 8 more

我正在使用OpenJDK

# rpm -qa|grep java
java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.x86_64

我已将JCE安全jar复制到/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/security

请帮助我理解这里出了什么问题。

Answer 1

DataStax文档（http://www.datastax.com/documentation/datastax_enterprise/4.5/datastax_enterprise/install/installGUI.html）表示＆＃34; NOT OpenJDK＆＃34; - 你需要Oracle版本。

此外，如果您要进行客户端到节点加密，还需要提供Oracle安全套件。 https://serverfault.com/questions/534614/cannot-bind-to-port-enabling-cassandra-client-encryption http://www.pathin.org/tutorials/java-cassandra-cannot-support-tls_rsa_with_aes_256_cbc_sha-with-currently-installed-providers/

Answer 2

我得到了同样的错误，这article帮我解决了。

特别是这部分：

我认为你可以通过覆盖节点到节点和客户端节点属性的密码套件来解决这个问题，例如。

cipher_suites：[TLS_RSA_WITH_AES_128_CBC_SHA]

无法使用SSL启动Cassandra 2.0

2 个答案: