我在 Debian 7 上运行 Cassandra 1.2 和三节点集群。集群运行良好。但我想为客户端启用加密,如下所述:ttp://www.datastax.com/documentation/cassandra/1.2/webhelp/cassandra/security/secureSSLClientToNode_t.html
但是,当我在进行必要的配置更改后重新启动 Cassandra 时,日志中出现此错误,并且 Cassandra 崩溃:
INFO 20:12:16,734 enabling encrypted thrift connections between client and server
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243)
Caused by: java.lang.RuntimeException: Unable to create thrift socket to /192.168.0.1:9160
at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:267)
at org.apache.cassandra.thrift.TServerCustomFactory.buildTServer(TServerCustomFactory.java:46)
at org.apache.cassandra.thrift.ThriftServer$ThriftServerThread.<init>(ThriftServer.java:105)
at org.apache.cassandra.thrift.ThriftServer.start(ThriftServer.java:52)
at org.apache.cassandra.service.CassandraDaemon.start(CassandraDaemon.java:400)
... 5 more
Caused by: org.apache.thrift.transport.TTransportException: Could not bind to port 9160
at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:117)
at org.apache.thrift.transport.TSSLTransportFactory.getServerSocket(TSSLTransportFactory.java:103)
at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:257)
... 9 more
Caused by: java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers
at sun.security.ssl.CipherSuiteList.<init>(Unknown Source)
at sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(Unknown Source)
at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:113)
... 11 more
Cannot start daemon
Service exit with a return value of 5
我错过了什么?
答案1
您需要添加 java 加密扩展。请参阅此处有关此问题的博客文章: