启用 Cassandra 客户端加密时出现“无法绑定到端口”

启用 Cassandra 客户端加密时出现“无法绑定到端口”

我在 Debian 7 上运行 Cassandra 1.2 和三节点集群。集群运行良好。但我想为客户端启用加密,如下所述:ttp://www.datastax.com/documentation/cassandra/1.2/webhelp/cassandra/security/secureSSLClientToNode_t.html

但是,当我在进行必要的配置更改后重新启动 Cassandra 时,日志中出现此错误,并且 Cassandra 崩溃:

 INFO 20:12:16,734 enabling encrypted thrift connections between client and server
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243)
Caused by: java.lang.RuntimeException: Unable to create thrift socket to /192.168.0.1:9160
        at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:267)
        at org.apache.cassandra.thrift.TServerCustomFactory.buildTServer(TServerCustomFactory.java:46)
        at org.apache.cassandra.thrift.ThriftServer$ThriftServerThread.<init>(ThriftServer.java:105)
        at org.apache.cassandra.thrift.ThriftServer.start(ThriftServer.java:52)
        at org.apache.cassandra.service.CassandraDaemon.start(CassandraDaemon.java:400)
        ... 5 more
Caused by: org.apache.thrift.transport.TTransportException: Could not bind to port 9160
        at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:117)
        at org.apache.thrift.transport.TSSLTransportFactory.getServerSocket(TSSLTransportFactory.java:103)
        at org.apache.cassandra.thrift.CustomTThreadPoolServer$Factory.buildTServer(CustomTThreadPoolServer.java:257)
        ... 9 more
Caused by: java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers
        at sun.security.ssl.CipherSuiteList.<init>(Unknown Source)
        at sun.security.ssl.SSLServerSocketImpl.setEnabledCipherSuites(Unknown Source)
        at org.apache.thrift.transport.TSSLTransportFactory.createServer(TSSLTransportFactory.java:113)
        ... 11 more
Cannot start daemon
Service exit with a return value of 5

完整日志输出 Gist

cassandra.yaml 要点

我错过了什么?

答案1

您需要添加 java 加密扩展。请参阅此处有关此问题的博客文章:

http://www.pathin.org/tutorials/java-cassandra-cannot-support-tls_rsa_with_aes_256_cbc_sha-with-currently-installed-providers/

相关内容