Can't connect to Cassandra with SSL using cqlsh

Question

I am trying to get SSL (client to node) to work on Cassandra 2.1.2.

I have created the keystore and the truststore according to the instructions here. Then I have updated cassandra.yaml to this:

client_encryption_options:
    enabled: true
    keystore: /etc/cassandra/security/.keystore
    keystore_password: ********
    # require_client_auth: false
    # Set trustore and truststore_password if require_client_auth is true
    truststore: /etc/cassandra/security/.truststore
    truststore_password: ********
    # More advanced defaults below:
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]

I am trying to connect using cqlsh, however I get the following error:

 Connection error: ('Unable to connect to any servers', {'192.168.0.16': ConnectionShutdown('Connection <AsyncoreConnection(140569820674832) 192.168.0.16:9042 (closed)> is already closed',)})

My cqlshrc file looks like this:

[connection]
hostname = 192.168.0.16
port = 9042
factory = cqlshlib.ssl.ssl_transport_factory

[ssl]
validate = false
certfile = /home/flavien/localhost.pem

For the certfile, I have tried the pem and the crt file, this makes no difference.

There is no evidence in the Cassandra logs - no error, nothing.

My java version is this:

java version "1.8.0_25"
Java(TM) SE Runtime Environment (build 1.8.0_25-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.25-b02, mixed mode)

And I have installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.

I have also tried to connect using DevCenter and the C# driver, to no avail.

Any idea how I can make this work?

Answer 1

You have to use --ssl flag as described in the Documentation for 2.1