Datastax Cassandra - Cqlsh with SSL not working

Author: Vittorio Cozzolino


I've installed a single-node Datastax Cassandra v3.5 cluster on my Ubuntu machine. I'm trying to connect to the node using the command-line interface cqlsh using the SSL option without success (from the same machine). The steps I followed are:

  • Prepared the .keystore, .cer certificate and .truststore following this guide
  • Modified my cassandra.yaml accordingly:

    client_encryption_options:
        enabled: true
        optional: false
        keystore: /************************/.keystore
        keystore_password: ************************
        require_client_auth: false
        # Set trustore and truststore_password if require_client_auth is true
        truststore: /************************/.truststore
        truststore_password: ************************

  • Created a cqlshrc conf file and filled it following this guide:

    [connection]
    hostname = *****
    port = 9042
    factory = cqlshlib.ssl.ssl_transport_factory

    [ssl]
    certfile = /home/conf/mycert.cer
    validate = true ## Optional, true by default

So basically I created a private and public key, pointed Cassandra to my .keystore and .truststore (even though I don't think it's necessary because I'm not enforcing the client auth) and cqlsh to the public key (certificate).

Whenever I try to launch cqlsh --ssl I always get the same error and not a single debug message inside Cassandra. The error message is:

    Connection error: ('Unable to connect to any servers', {'*.*****.******': error(0, "Tried connecting to [('..*.***', 9042)]. Last error: _ssl.c:344:error:00000000:lib(0):func(0):reason(0)")})

Just a side note, if I remove SSL authentication everything works perfectly.


I've solved my initial issue following @Adam Holmberg's suggestion but still no luck with the SSL connection. I checked that I have JCE libraries installed and I've been trying to force cqlsh to use SSLv23 or TLSv1 to establish the connection to the Cassandra server, but I receive the following error every time:

    Connection error: ('Unable to connect to any servers', ... ... ... Last error: _ssl.c:510: EOF occurred in violation of protocol")})

Moreover, I've also added the JVM option to no avail; I don't see any additional log about SSL.
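
A pre-flight check for a cqlshrc like the one in the question, as an added example that is not part of the original post and does not claim to identify the cause of the errors above. It verifies the `factory` setting and reports whether the `[ssl]` certfile is PEM text, which Python's `ssl` module requires for CA files, or binary DER, which `keytool -exportcert` writes unless `-rfc` is given. The function names, file names and certificate bytes are constructed for illustration.

```python
import configparser
import ssl
import tempfile
from pathlib import Path

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

def cert_encoding(path):
    """Classify a certificate file as 'pem', 'der', 'missing' or 'unknown'."""
    path = Path(path).expanduser()
    if not path.is_file():
        return "missing"
    head = path.read_bytes()[:4096]
    if PEM_MARKER in head:
        return "pem"
    # A DER-encoded X.509 certificate starts with an ASN.1 SEQUENCE tag (0x30).
    return "der" if head[:1] == b"\x30" else "unknown"

def check_cqlshrc(path):
    """Return a list of findings for the [connection] and [ssl] sections."""
    cfg = configparser.ConfigParser(interpolation=None, inline_comment_prefixes=("#",))
    cfg.read(path)
    findings = []
    if cfg.get("connection", "factory", fallback="") != "cqlshlib.ssl.ssl_transport_factory":
        findings.append("factory is not cqlshlib.ssl.ssl_transport_factory")
    certfile = cfg.get("ssl", "certfile", fallback="")
    enc = cert_encoding(certfile) if certfile else "missing"
    if enc != "pem":
        findings.append("certfile is %s, expected pem" % enc)
    if cfg.get("ssl", "validate", fallback="true").lower() == "false":
        findings.append("validate = false: the server certificate is not checked")
    return findings

def demo():
    """Run the check on two constructed cqlshrc files (DER and PEM certfile)."""
    fake_der = b"\x30\x82\x01\x0a" + bytes(266)  # constructed bytes, not a real certificate
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("der", fake_der),
                           ("pem", ssl.DER_cert_to_PEM_cert(fake_der).encode())):
            cert = Path(d, name + ".cer")
            cert.write_bytes(data)
            rc = Path(d, name + ".cqlshrc")
            rc.write_text("[connection]\nhostname = localhost\nport = 9042\n"
                          "factory = cqlshlib.ssl.ssl_transport_factory\n"
                          "[ssl]\ncertfile = %s\nvalidate = true ## Optional\n" % cert)
            results[name] = check_cqlshrc(rc)
    return results

if __name__ == "__main__":
    print(demo())
```

An empty list from `check_cqlshrc` means the file passed these checks only; it says nothing about the server-side `client_encryption_options` or the protocol versions the JVM offers.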