I have finally tracked down the problem and I'm happy to say that this
is not a Cassandra problem. I found out that we have a custom security
provider installed on our servers and when I disabled that the problem
disappeared.
/Tommy
On 2018-01-19 14:40, Tommy Stendahl wrote:
I have continu
I have continued the upgrade of the cluster using the default protocol
setting and after upgrading all nodes there were no problems switching
back to "TLSv1.2". But I will try to reproduce the problem using a ccm
cluster, I think that should be relatively easy, and when can try the
-Djavax.net
>
> We use Oracle jdk1.8.0_152 on all nodes and as I understand oracle use a
> dot in the protocol name (TLSv1.2) and I use the same protocol name and
> cipher names in the 3.0.14 nodes and the one I try to upgrade to 3.11.1.
>
I agree with Stefan's assessment and share his confusion. Would you be
We use Oracle jdk1.8.0_152 on all nodes and as I understand oracle use a
dot in the protocol name (TLSv1.2) and I use the same protocol name and
cipher names in the 3.0.14 nodes and the one I try to upgrade to 3.11.1.
On 2018-01-17 15:02, Georg Brandemann wrote:
If i remember correctly the pro
If i remember correctly the protocol names differ between some JRE vendors.
With IBM Java for instance the protocol name would be TLSv12 ( without . ).
Are you using the same JRE on all nodes and is the protocol name and cipher
names exactly the same on all nodes?
2018-01-17 14:51 GMT+01:00 Tomm
Thanks for your response.
I got it working by removing my protocol setting from the configuration
on the 3.11.1 node so it use the default protocol setting, I'm not sure
exactly how that change things so I need to investigate that. We don't
have any custom ssl settings that should affect this
Thanks for your response.
I removed the protocol setting from the server_encryption_options in the
3.11.1 node so it use the default value instead and now it works. I have
to analyse if this has any impact on my security requirements but at
least its working now.
/Tommy
On 2018-01-16 17:26
I think what this error indicates is that a client is trying to connect
using a SSLv2Hello handshake, while this protocol has been disabled on
the server side. Starting with the mentioned ticket, we use the JVM
default list of enabled protocols. What makes this issue a bit
confusing, is that starti
This looks like the post-POODLE commit:
https://issues.apache.org/jira/browse/CASSANDRA-10508
I think you might just set 'TLS' as in the example to use the JVM's
preferred TLS protocol version.
--
Michael
On 01/16/2018 08:13 AM, Tommy Stendahl wrote:
> Hi,
>
> I have problems upgrading a clust
Hi,
I have problems upgrading a cluster from 3.0.14 to 3.11.1 but when I
upgrade the first node it fails to gossip.
I have server encryption enabled on all nodes with this setting:
server_encryption_options:
internode_encryption: all
keystore: /usr/share/cassandra/.ssl/server/keystore
10 matches
Mail list logo
