NoHost尝试连接到启用SSL的Cassandra时可用
我正在尝试使用Spring连接到支持SSL的Cassandra。我已收到密钥库和信任库文件及其各自的密码。使用DevCenter工具,我能够使用这些文件和凭据连接到远程数据库。然而,当我尝试使用java进行连接时,我不断遇到以下异常:
客户端身份验证似乎未正确通过。
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1500600803 bytes = { 210, 125, 166, 7, 213, 206, 126, 108, 110, 254, 207, 58, 13, 147, 17, 116, 100, 203, 214, 85, 221, 233, 167, 43, 110, 114, 95, 111 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
***
cluster1-nio-worker-0, WRITE: TLSv1.2 Handshake, length = 193
cluster1-nio-worker-0, called closeOutbound()
cluster1-nio-worker-0, closeOutboundInternal()
cluster1-nio-worker-0, SEND TLSv1.2 ALERT: warning, description = close_notify
cluster1-nio-worker-0, WRITE: TLSv1.2 Alert, length = 2
cluster1-nio-worker-0, called closeInbound()
cluster1-nio-worker-0, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
cluster1-nio-worker-0, SEND TLSv1.2 ALERT: fatal, description = internal_error
cluster1-nio-worker-0, Exception sending alert: java.io.IOException: writer side was already closed.
Exception in thread "main" com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried for query failed (tried: /172.18.34.226:9042 (com.datastax.driver.core.exceptions.TransportException: [/172.18.34.226:9042] Channel has been closed))
at com.datastax.driver.core.ControlConnection.reconnectInternal(ControlConnection.java:233)
at com.datastax.driver.core.ControlConnection.connect(ControlConnection.java:79)
at com.datastax.driver.core.Cluster$Manager.init(Cluster.java:1483)
at com.datastax.driver.core.Cluster.init(Cluster.java:159)
at com.datastax.driver.core.SessionManager.initAsync(SessionManager.java:78)
at com.datastax.driver.core.SessionManager.executeAsync(SessionManager.java:139)
at com.datastax.driver.core.AbstractSession.execute(AbstractSession.java:68)
at com.datastax.driver.core.AbstractSession.execute(AbstractSession.java:43)
at ClientToNode.execute(ClientToNode.java:49)
at ClientToNode.main(ClientToNode.java:27)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
使用以下代码:
private Cluster getCluster(final String trustStoreLocation, final String trustStorePassword, final String keyStoreLoc, final String keyStorePass,final String host) throws UnrecoverableKeyException {
final Cluster cluster;
SSLContext sslcontext = null;
try {
final InputStream trustStoreStream = ClientToNode.class.getResourceAsStream(trustStoreLocation);
final KeyStore keystore = KeyStore.getInstance("jks");
final char[] trustChars = trustStorePassword.toCharArray();
keystore.load(trustStoreStream, trustChars);
final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keystore);
final TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
final InputStream keyStoreStream = ClientToNode.class.getResourceAsStream(keyStoreLoc);
final KeyStore keyStore = KeyStore.getInstance("jks");
final char[] pwdKeyStore = keyStorePass.toCharArray();
keyStore.load(keyStoreStream, pwdKeyStore);
final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keyStorePass.toCharArray());
final KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
sslcontext = SSLContext.getInstance("TLS");
sslcontext.init(keyManagers, trustManagers, new SecureRandom());
} catch (Exception e) {
e.printStackTrace();
}
//String[] ciphers = {"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"};
JdkSSLOptions sslOptions = JdkSSLOptions.builder()
.withSSLContext(sslcontext)
//.withCipherSuites(ciphers)
.build();
cluster = Cluster.builder()
.addContactPoint(host)
.withSSL(sslOptions)
.build();
return cluster;
}共有1个答案
已进行以下更改以修复此问题:
- 连接到支持SSL的Cassandra的先决条件是安装Java加密扩展(JCE),将UnlimitedJCEPolicy上下文提取到JRE。有关更多信息,请访问将DevCenter连接到启用SSL的Cassandra
IMP:要将DevCenter连接到启用SSL的Cassandra,我们需要替换JRE下的JCE文件,位于C:\Program Files\Java\jre1.8。0_91\lib\Security。
要使用Java代码连接到启用SSL的Cassandra,我们需要将JCE文件放在JDK下的JRE,即C:\Program Files\Java\jdk1.8。0_91\jre\lib\Security
生成群集时未添加凭据:
<代码>群集=群集。生成器()。添加联系人(主机)。带SL(S选项)。withCredentials(“dbuser”,“password”)。build()
-
我已经启动了spark-thrift服务器,并使用Beeline连接到thrift服务器。当尝试查询时,创建一个表在hive转移,我得到以下错误。 cassandra不是有效的Spark SQL数据源。 0:jdbc:hive2:/localhost:10000>select*from traveldata.employee_details;
-
我一直试图连接到我的Cassandra节点使用SSL选项,但我似乎无法让它工作。我有所有的密钥存储/信任存储设置正确。节点到节点加密工作,客户端到节点加密工作通过OpsCenter和。我的问题,我如何得到正确的证书/密钥/ca文件的cassandra-驱动程序在节点上?我尝试过根据我找到的提要导出,但是没有好的教程。 通过阅读其他Java连接教程,我可以只包含我的密钥库,在Ruby连接器上,它说它
-
尝试连接到SQL服务器2014时出错。我使用JRE7和sqljdbc4-4.0.jar 以下是我的java代码: 以下是完整的堆栈跟踪: JAVAext.dirs:C:\Cisco\CallStudio\eclipse\jre\lib\ext;C:\WINDOWS\Sun\Java\lib\ext-com。微软sqlserver。jdbc。SQLServerException:驱动程序无法使用安全
-
当尝试在 CentOS 上使用 Python 客户端本地连接到 Kafka 0.10.0.0 时,我有一个非常奇怪的问题。 我的连接选项非常简单且默认: 当我在Kafka的服务器中手动设置侦听器选项时。属性文件,如: 我得到了kafka.errors。NoBrokersAvailable,尽管我仍然可以使用curl或其他linux工具轻松连接到Kafka代理服务器。 无广告。侦听器或其他不推荐使用
-
我试图连接到mysql数据库使用hibernate从cfg文件作为 虽然我的连接字符串、用户名、密码是正确的,并且在其他具有基本jdbc连接的项目中运行良好,但当我使用hibernate尝试它时,我在控制台上遇到了这个错误 是的,数据库服务器已启动并运行,但来自此Hibernate应用程序的连接被拒绝
-
我正在尝试运行卡桑德拉,但每次它在连接时都会给出相同的错误...有什么我需要在配置文件或属性文件中编辑的吗? ('无法连接到任何服务器',{'127.0.0.1:9042 ':错误(61,"尝试连接到[('127.0.0.1 ',9042)]。最后一个错误:连接被拒绝")}) 启动cassandra时出错