Support Policy      Security Notices
  1. DataStax Support
  2. DataStax Enterprise
  3. General

Receiving error Caused by: java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers on DSE startup after setting up client-to-node encryption

Follow

Summary

The documentation for client-to-node encryption does not specify that in order to enable client-to-node encryption, the jce libraries must be installed.  

Symptoms

When they are not installed you will see the error Caused by: java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers in the cassandra system.log

Cause

The Oracle Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 must be installed when enabling client-to-node encryption.

 

Solution

  1. Download the JCE
    1. JAVA 8
    2. JAVA 7
    3. JAVA 6
  2. Unzip the downloaded file
  3. Place the two jars from the zip file into  <java_jre_install_dir>/lib/security/ if running the jre or <java_jdk_install_dir>/jre/lib/security if running the jdk
  4. Restart dse
Darla Baker
Created: 2013-10-22 19:21:32 UTC
Last Update: 2017-07-14 23:55:27 UTC

Related articles

Comments

3 comments

Sort by Date Votes
  • Avatar
    Sukanta Nanda

    Here is detail of JAVA8 home dir. detail. Please let me know if are we missing anything here.

    /cassandra/product/tools/java8/jdk1.8.0_66/jre/lib/security > ls -lrt
    total 148
    -rw-r--r--. 1 cassandra cassandra 3026 Oct 7 2015 US_export_policy.jar
    -rw-r--r--. 1 cassandra cassandra 0 Oct 7 2015 trusted.libraries
    -rw-r--r--. 1 cassandra cassandra 3527 Oct 7 2015 local_policy.jar
    -rw-r--r--. 1 cassandra cassandra 26207 Oct 7 2015 java.security
    -rw-r--r--. 1 cassandra cassandra 2466 Oct 7 2015 java.policy
    -rw-r--r--. 1 cassandra cassandra 99954 Oct 7 2015 cacerts
    -rw-r--r--. 1 cassandra cassandra 1188 Oct 7 2015 blacklisted.certs
    -rw-r--r--. 1 cassandra cassandra 4054 Oct 7 2015 blacklist

    0
    Comment actions Permalink
  • Avatar
    Sukanta Nanda

    Those 2 below jar files already came through server-jre-8u66-linux-x64.gz file.
    -rw-r--r--. 1 cassandra cassandra 3026 Oct 7 2015 US_export_policy.jar
    -rw-r--r--. 1 cassandra cassandra 3527 Oct 7 2015 local_policy.jar

    But when I downloaded jce_policy-8.zip file and unzip it then found that below 2 jar files has different size that what ever do we have above. Please let me know if we will overwrite above 2 jar files with below jar files.

    -rw-rw-r--. 1 cassandra cassandra 3023 Dec 20 2013 US_export_policy.jar
    -rw-r--r--. 1 cassandra cassandra 7323 Dec 20 2013 README.txt
    -rw-rw-r--. 1 cassandra cassandra 3035 Dec 20 2013 local_policy.jar

    0
    Comment actions Permalink
  • Avatar
    Raghav Rachamalla

    Nice article!!

    I will try to share my experience having issue with connecting from Devcenter with SSL enabled. I was trying to search for the error on the internet and looked at this article..

    I was getting the below error while trying to make connections from Devcenter:

    java.lang.IllegalArgumentException: Cannot support TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers

    In addition to the step mentioned above regarding JCE files added to …./java../lib/security , I had to add the same jar files to my devcenter installed location:
    (please make sure you have the same set of jar files under both locations)
    C:\Program Filles\Java\jre1.8.0_121\lib\security and C:\Program Files\…….DevCenter\jre\lib\security

    That solved my problem..

    more details can be found: https://www.instaclustr.com/blog/2016/02/08/connecting-to-a-cassandra-cluster-using-tls-ssl/#comment-1551

    Regard’s
    Raghav

    0
    Comment actions Permalink

Please sign in to leave a comment.