DataStax Help Center

Receiving error Caused by: java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers on DSE startup after setting up client-to-node encryption

Summary

The documentation for client-to-node encryption does not specify that in order to enable client-to-node encryption, the jce libraries must be installed.  

Symptoms

When they are not installed you will see the error Caused by: java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers in the cassandra system.log

Cause

The Oracle Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 must be installed when enabling client-to-node encryption.

 

Solution

  1. Download the JCE
    1. JAVA 8
    2. JAVA 7
    3. JAVA 6
  2. Unzip the downloaded file
  3. Place the two jars from the zip file into  <java_jre_install_dir>/lib/security/ if running the jre or <java_jdk_install_dir>/jre/lib/security if running the jdk
  4. Restart dse
Was this article helpful?
5 out of 5 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Raghav Rachamalla

    Nice article!!

    I will try to share my experience having issue with connecting from Devcenter with SSL enabled. I was trying to search for the error on the internet and looked at this article..

    I was getting the below error while trying to make connections from Devcenter:

    java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers

    In addition to the step mentioned above regarding JCE files added to …./java../lib/security , I had to add the same jar files to my devcenter installed location:
    (please make sure you have the same set of jar files under both locations)
    C:\Program Filles\Java\jre1.8.0_121\lib\security and C:\Program Files\…….DevCenter\jre\lib\security

    That solved my problem..

    more details can be found: https://www.instaclustr.com/blog/2016/02/08/connecting-to-a-cassandra-cluster-using-tls-ssl/#comment-1551

    Regard’s
    Raghav

Powered by Zendesk