除了更改 keystore 和 truststore 密码并在 conf 中安装相应文件之外,我对 cassandra.yaml 进行了以下更改:
internode_encryption: all
algorithm: IbmX509
另外我设置了以下环境变量:
JAVA_HOME=/share/ibm-jdk1.8
JVM_OPTS=-Dcom.ibm.jsse2.overrideDefaultTLS=true
我调用 bin/cassandra 并最终看到......
*** SSLContextImpl: Using X509ExtendedKeyManager com.ibm.jsse2.ay SSLContextImpl: Using X509TrustManager com.ibm.jsse2.aC JsseJCE: Using SecureRandom SHA2DRBG from provider IBMJCE version 1.8 trigger seeding of SecureRandom done seeding SecureRandom JsseJCE: Using SecureRandom SHA2DRBG from provider IBMJCE version 1.8 JsseJCE: Using signature SHA1withECDSA from provider TBD via init JsseJCE: Using signature NONEwithECDSA from provider TBD via init JsseJCE: Using KeyAgreement ECDH from provider IBMJCE version 1.8 JsseJCE: Using KeyFactory EC from provider IBMJCE version 1.8 JsseJCE: Using KeyPairGenerator EC from provider TBD via init JsseJCE: Using cipher AES/GCM/NoPadding from provider TBD via init CipherBox: Using cipher AES/GCM/NoPadding from provider from init IBMJCE version 1.8 JsseJCE: Using cipher AES/CBC/NoPadding from provider TBD via init CipherBox: Using cipher AES/CBC/NoPadding from provider from init IBMJCE version 1.8 jdk.tls.client.protocols is defined as null SSLv3 protocol was requested but was not enabled SSLv3 protocol was requested but was not enabled SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2] SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2] CLIENT_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2] WARN 10:55:39 Filtering out [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] 因为它不受启动期间遇到的套接字异常 (java.lang.IllegalArgumentException) 的支持:SSLv2Hello 不是一个可识别的协议。java.lang.IllegalArgumentException:SSLv2Hello 不是公认的协议。
请指教。