无法使用SSL启动Cassandra 2.0

时间:2014-06-12 22:38:49

标签: cassandra cassandra-2.0

我正在尝试使用SSL启动Cassandra。我的山药文件有

server_encryption_options:
    internode_encryption: all
    keystore_password: changeme
    truststore_password: changeme
    truststore:  /opt/certs/cassandra.truststore
    keystore: /opt/certs/cassandra.keystore
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]

当我尝试启动cassandra时,我得到了异常

ERROR [main] 2014-06-12 22:29:18,844 CassandraDaemon.java (line 513) Exception encountered during startup
java.lang.RuntimeException: Unable to create thrift socket to /0.0.0.0:9160
    at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:263)
    at org.apache.cassandra.thrift.TServerCustomFactory.buildTServer(TServerCustomFactory.java:46)
    at org.apache.cassandra.thrift.ThriftServer$ThriftServerThread.<init>(ThriftServer.java:130)
    at org.apache.cassandra.thrift.ThriftServer.start(ThriftServer.java:56)
    at org.apache.cassandra.service.CassandraDaemon.start(CassandraDaemon.java:449)
    at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:509)
    at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:585)
Caused by: org.apache.thrift.transport.TTransportException: Could not bind to port 9160
    at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:117)
    at org.apache.thrift.transport.TSSLTransportFactory.getServerSocket(TSSLTransportFactory.java:103)
    at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:253)
    ... 6 more
Caused by: java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA with currently installed providers
    at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
    at sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(SSLServerSocketImpl.java:191)
    at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:113)
    ... 8 more

我正在使用OpenJDK

# rpm -qa|grep java
java-1.7.0-openjdk-1.7.0.55-2.4.7.1.el6_5.x86_64

我已将JCE安全jar复制到/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.55.x86_64/jre/lib/security

请帮助我理解这里出了什么问题。

2 个答案:

答案 0 :(得分:1)

答案 1 :(得分:1)

我得到了同样的错误,这article帮我解决了。

特别是这部分:

  

我认为你可以通过覆盖节点到节点和客户端节点属性的密码套件来解决这个问题,例如。

     

cipher_suites:[TLS_RSA_WITH_AES_128_CBC_SHA]