Reputation: 21
DataStax DSE Cassandra SSL - Unrecognized SSL message, plaintext connection?
I have been trying to enable client-to-node ssl communication in a single node cluster running Datastax (DSE) version 4.6 with Cassandra 2.0.11
After following the steps in the datastax documentation documentation
I keep on getting the following error message;
INFO [Thread-3] 2015-01-25 09:00:21,383 ThriftServer.java (line 135) Listening for thrift clients... ERROR [Thrift:1] 2015-01-25 09:00:30,486 TNegotiatingServerTransport.java (line 523) Failed to open server transport. org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129) at com.datastax.bdp.transport.server.TPreviewableTransport.readUntilEof(TPreviewableTransport.java:79) at com.datastax.bdp.transport.server.TPreviewableTransport.preview(TPreviewableTransport.java:55) at com.datastax.bdp.transport.server.TNegotiatingServerTransport.open(TNegotiatingServerTransport.java:186) at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:516) at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:405) at org.apache.cassandra.thrift.CustomTThreadPoolServer$WorkerProcess.run(CustomTThreadPoolServer.java:196) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:744) Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:671) at sun.security.ssl.InputRecord.read(InputRecord.java:504) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882) at sun.security.ssl.AppInputStream.read(AppInputStream.java:102) at java.io.BufferedInputStream.fill(BufferedInputStream.java:235) at java.io.BufferedInputStream.read1(BufferedInputStream.java:275) at java.io.BufferedInputStream.read(BufferedInputStream.java:334) at org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127) ... 9 more ERROR [Thrift:1] 2015-01-25 09:00:30,513 CustomTThreadPoolServer.java (line 222) Error occurred during processing of message. java.lang.RuntimeException: Failed to open server transport: unknown at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:524) at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:405) at org.apache.cassandra.thrift.CustomTThreadPoolServer$WorkerProcess.run(CustomTThreadPoolServer.java:196) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:744)
Here is my cassandra.yaml file
client_encryption_options:
enabled: true
keystore: /home/ubuntu/.keystore
keystore_password: ****
truststore: /home/ubuntu/.truststore
truststore_password: ****
protocol: ssl
store_type: JKS
cipher_suites:
[TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
Steps followed to create the keystore and truststore
keytool -genkey -keyalg RSA -alias node0 -keystore .keystore (used the hostname for first name & last name)
keytool -export -alias node0 -file node0.cer -keystore .keystore
keytool -import -v -trustcacerts -alias node0 -file node0.cer -keystore .truststore
I already fix the TLS_RSA_WITH_AES_256_CBC_SHA bug they have in their documentation by downloading the required jar files from the oracle website http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Upvotes: 2
Views: 1115
Answers (1)
Reputation: 1931
This message shows that a client is trying to open an unencrypted connection.
First thought is check if client certificate auth is enabled. Read this: http://www.datastax.com/documentation/datastax_enterprise/4.6/datastax_enterprise/sec/secRunCqlsh.html
Here is a walkthrough for enabling cqlsh ssl connection: https://github.com/PatrickCallaghan/datastax-ssl-example
Upvotes: 2
Related Questions
- Datastax Bulk Loader can't find my SSL certificate
- Datastax driver connection exception DSE 5.0 , CASSANDRA 3.0.7 ,spark
- Datastax Cassandra - Cqlsh with SSL not working
- connecting cassandra through ssl with datastax cassandra JAVA driver
- ConnectionException when connecting to Cassandra with DataStax Java driver 1.0.5
- Datastax Cassandra SSL
- Cassandra throws SSLFactory.java warning
- connecting to cassandra using datastax' connector
- org.apache.thrift.transport.TTransportException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
- How to set up Cassandra client-to-node encryption with the DataStax Java driver?