Apache Cassandra™ 2.0

The cassandra.yaml configuration file

The cassandra.yaml file is the main configuration file for Cassandra.

Important: After changing properties in the cassandra.yaml file, you must restart the node for the changes to take effect. It is located in the following directories:
  • Cassandra Packaged installs: /etc/cassandra/conf
  • Cassandra Binary installs: install_location/conf
  • DataStax Enterprise Packaged installs: /etc/dse/cassandra
  • DataStax Enterprise Binary installs: install_location/resources/cassandra/conf

The configuration properties are grouped into the following sections:

  • Quick start

    The minimal properties needed for configuring a cluster.

  • Commonly used

    Properties most frequently used when configuring Cassandra.

  • Performance tuning

    Tuning performance and system resource utilization, including commit log, compaction, memory, disk I/O, CPU, reads, and writes.

  • Advanced

    Properties for advanced users or properties that are less commonly used.

  • Security

    Server and client security settings.

Note: Values with double asterisks ** indicate default values that are defined internally, missing, or commented out in the cassandra.yaml file. Additionally, some commented out values may not match the actual default value; they are the recommended value when changing from the default.

Quick start properties

The minimal properties needed for configuring a cluster.

(Default: Test Cluster) The name of the cluster. This setting prevents nodes in one logical cluster from joining another. All nodes in a cluster must have the same value.
(Default: localhost) The IP address or host name that other Cassandra nodes use to connect to this node. If you want your nodes to be able to communicate, you must change this setting:
  • Generally set to empty. If the node is properly configured (host name, name resolution, and so on), Cassandra uses InetAddress.getLocalHost() to get the local address from the system.
  • For a single node cluster, you can use the default setting (localhost).
  • If Cassandra can't find the correct address, you must specify the IP address or host name.
  • Never specify; it is always wrong.

Default directories

If you have changed any of the default directories during installation, set these properties:

(Default: /var/lib/cassandra/commitlog) The directory where the commit log is stored. For optimal write performance, it is recommended the commit log be on a separate disk partition (ideally, a separate physical device) from the data file directories. Using an HDD is acceptable because the commit log is append only.
(Default:/var/lib/cassandra/data) The directory location where table data (SSTables) is stored. As a production best practice, use RAID 0 and SSDs.
(Default: /var/lib/cassandra/saved_caches) The directory location where table key and row caches are stored.

Commonly used properties

Properties most frequently used when configuring Cassandra.

Before starting a node for the first time, you should carefully evaluate your requirements.

Common initialization properties

Note: Be sure to set the properties in the Quick start section as well.
(Default: stop) Policy for commit disk failures:
  • stop: Shut down gossip and Thrift, leaving the node effectively dead, but can be inspected using JMX.
  • stop_commit: Shut down the commit log, letting writes collect but continuing to service reads (as in pre-2.0.5 Cassandra).
  • ignore: Ignore fatal errors and let the batches fail.
(Default: stop) Sets how Cassandra responds to disk failure.
  • stop: Shuts down gossip and Thrift, leaving the node effectively dead, but it can still be inspected using JMX.
  • stop_paranoid: Shut down gossip and Thrift even for single-SSTable errors.
  • best_effort: Cassandra does its best in the event of disk errors. If it cannot write to a disk, the disk is blacklisted for writes and the node continues writing elsewhere. If Cassandra cannot read from the disk, those SSTables are marked unreadable, and the node continues serving data from readable SSTables. This means you will see obsolete data at consistency level of ONE.
  • ignore: Use for upgrading. Cassandra acts as in versions prior to 1.2. Ignores fatal errors and lets the requests fail; all file system errors are logged but otherwise ignored. It is recommended using stop or best_effort.
(Default: org.apache.cassandra.locator.SimpleSnitch) Sets which snitch Cassandra uses for locating nodes and routing requests. It must be set to a class that implements IEndpointSnitch. For descriptions of the available snitches, see Snitches.
Note: The GossipingPropertyFileSnitch is recommended for production. It defines a node's data center and rack and uses gossip for propagating this information to other nodes.
(Default: localhost) The listen address for client connections. Valid values are:
  • Listens on all configured interfaces.
  • IP address
  • hostname
  • unset: Resolves the address using the hostname configuration of the node. If left unset, the hostname must resolve to the IP address of this node using /etc/hostname, /etc/hosts, or DNS.
(Default: org.apache.cassandra.locator.SimpleSeedProvider) A list of comma-delimited hosts (IP addresses) to use as contact points when a node joins a cluster. Cassandra also uses this list to learn the topology of the ring. When running multiple nodes, you must change the - seeds list from the default value ( In multiple data-center clusters, the - seeds list should include at least one node from each data center (replication group). See Initializing a multiple node cluster (single data center) and Initializing a multiple node cluster (multiple data centers).

Common compaction settings

(Default: 16) Throttles compaction to the specified total throughput across the entire system. The faster you insert data, the faster you need to compact in order to keep the SSTable count down. The recommended Value is 16 to 32 times the rate of write throughput (in MBs/second). Setting the value to 0 disables compaction throttling.

Common memtable settings

(Default: 1/4 of the heap**) Specifies the total memory used for all memtables on a node. This replaces the per-table storage settings memtable_operations_in_millions and memtable_throughput_in_mb.

Common disk settings

(Default: 32) For workloads with more data than can fit in memory, the bottleneck is reads fetching data from disk. Setting to (16 × number_of_drives) allows operations to queue low enough in the stack so that the OS and drives can reorder them.
(Default: 32) Writes in Cassandra are rarely I/O bound, so the ideal number of concurrent writes depends on the number of CPU cores in your system. The recommended value is (8 × number_of_cpu_cores).

Common automatic backup settings

(Default: false) Backs up data updated since the last snapshot was taken. When enabled, Cassandra creates a hard link to each SSTable flushed or streamed locally in a backups/ subdirectory of the keyspace data. Removing these links is the operator's responsibility.
(Default: false) Enable or disable taking a snapshot before each compaction. This option is useful to back up data when there is a data format change. Be careful using this option because Cassandra does not clean up older snapshots automatically.

Common fault detection setting

(Default: 8**) Adjusts the sensitivity of the failure detector on an exponential scale. Lower values increase the likelihood that an unresponsive node will be marked as down, while higher values decrease the likelihood that transient failures will cause a node failure. In unstable network environments (such as EC2 at times), raising the value to 10 or 12 helps prevent false failures. Values higher than 12 and lower than 5 are not recommended.

Performance tuning properties

Tuning performance and system resource utilization, including commit log, compaction, memory, disk I/O, CPU, reads, and writes.

Commit log settings

(Default: periodic) The method that Cassandra uses to acknowledge writes in milliseconds:
  • periodic: Used with commitlog_sync_period_in_ms (Default: 10000 - 10 seconds) to control how often the commit log is synchronized to disk. Periodic syncs are acknowledged immediately.
  • batch: Used with commitlog_sync_batch_window_in_ms (Default: disabled**) to control how long Cassandra waits for other writes before performing a sync. When using this method, writes are not acknowledged until fsynced to disk.
(Default: 32) Sets the size of the individual commitlog file segments. A commitlog segment may be archived, deleted, or recycled after all its data has been flushed to SSTables. This amount of data can potentially include commitlog segments from every table in the system. The default size is usually suitable for most commitlog archiving, but if you want a finer granularity, 8 or 16 MB is reasonable. See Commit log archive configuration.
(Default: 32 for 32-bit JVMs, 1024 for 64-bit JVMs**) Total space used for commitlogs. If the used space goes above this value, Cassandra rounds up to the next nearest segment multiple and flushes memtables to disk for the oldest commitlog segments, removing those log segments. This reduces the amount of data to replay on start-up, and prevents infrequently-updated tables from indefinitely keeping commitlog segments. A small total commitlog space tends to cause more flush activity on less-active tables.

Compaction settings

(Default: true) When set to true, cached row keys are tracked during compaction, and re-cached to their new positions in the compacted SSTable. If you have extremely large key caches for tables, set the value to false; see Global row and key caches properties.
(Default: 1 per CPU core**) Sets the number of concurrent compaction processes allowed to run simultaneously on a node, not including validation compactions for anti-entropy repair. Simultaneous compactions help preserve read performance in a mixed read-write workload by mitigating the tendency of small SSTables to accumulate during a single long-running compaction. If compactions run too slowly or too fast, change compaction_throughput_mb_per_sec first.
(Default: 64) Size limit for rows being compacted in memory. Larger rows spill to disk and use a slower two-pass compaction process. When this occurs, a message is logged specifying the row key. The recommended value is 5 to 10 percent of the available Java heap size.
(Default: false) When set to true, each compaction operation uses one thread per core and one thread per SSTable being merged. This is typically useful only on nodes with SSD hardware. With HDD hardware, the goal is to limit the disk I/O for compaction (see compaction_throughput_mb_per_sec).
(Default: false) Enable or disable kernel page cache preheating from contents of the key cache after compaction. When enabled it preheats only first page (4KB) of each row to optimize for sequential access. It can be harmful for fat rows, see CASSANDRA-4937 for more details.

Memtable settings

(Default: smaller of 1/4 heap or 512) Total memory to use for SSTable-reading buffers.
(Default: 0.75) When Java heap usage (after a full concurrent mark sweep (CMS) garbage collection) exceeds the set value, Cassandra flushes the largest memtables to disk to free memory. This parameter is an emergency measure to prevent sudden out-of-memory (OOM) errors. Do not use it as a tuning mechanism. It is most effective under light to moderate loads or read-heavy workloads; it will fail under massive write loads. A value of 0.75 flushes memtables when Java heap usage is above 75% total heap size. Set to 1.0 to disable. Other emergency measures are reduce_cache_capacity_to and reduce_cache_sizes_at.
(Default: 4) The number of full memtables to allow pending flush (memtables waiting for a write thread). At a minimum, set to the maximum number of indexes created on a single table.
(Default: 1 per data directory**) Sets the number of memtable flush writer threads. These threads are blocked by disk I/O, and each one holds a memtable in memory while blocked. If you have a large Java heap size and many data directories, you can increase the value for better flush performance.

Cache and index settings

(Default: 64) Add column indexes to a row when the data reaches this size. This value defines how much row data must be deserialized to read the column. Increase this setting if your column values are large or if you have a very large number of columns. If consistently reading only a few columns from each row or doing many partial-row reads, keep it small. All index data is read for each access, so take that into consideration when setting the index size.
(Default: false**) Adds newly flushed or compacted SSTables to the operating system page cache, potentially evicting other cached data to make room. Enable when all data in the table is expected to fit in memory. See also the global option, compaction_preheat_key_cache.
(Default: 0.6) Sets the size percentage to which maximum cache capacity is reduced when Java heap usage reaches the threshold defined by reduce_cache_sizes_at. Together with flush_largest_memtables_at, these properties constitute an emergency measure for preventing sudden out-of-memory (OOM) errors.
(Default: 0.85) When Java heap usage (after a full concurrent mark sweep (CMS) garbage collection) exceeds this percentage, Cassandra reduces the cache capacity to the fraction of the current size as specified by reduce_cache_capacity_to. To disable, set the value to 1.0.

Disks settings

(Default: 200**) Throttles all outbound streaming file transfers on a node to the specified throughput. Cassandra does mostly sequential I/O when streaming data during bootstrap or repair, which can lead to saturating the network connection and degrading client (RPC) performance.
(Default: false) When doing sequential writing, enabling this option tells fsync to force the operating system to flush the dirty buffers at a set interval trickle_fsync_interval_in_kb. Enable this parameter to avoid sudden dirty buffer flushing from impacting read latencies. Recommended to use on SSDs, but not on HDDs.
(Default: 10240]). Sets the size of the fsync in kilobytes.

Advanced properties

Properties for advanced users or properties that are less commonly used.

Advanced initialization properties

(Default: true) This setting has been removed from default configuration. It makes new (non-seed) nodes automatically migrate the right data to themselves. When initializing a fresh cluster without data, add auto_bootstrap: false.
(Default: listen_address**) If your Cassandra cluster is deployed across multiple Amazon EC2 regions and you use the EC2MultiRegionSnitch, set the broadcast_address to public IP address of the node and the listen_address to the private IP.
(Default: disabled) Used in the single-node-per-token architecture, where a node owns exactly one contiguous range in the ring space. If you haven't specified num_tokens or have set it to the default value of 1, you should always specify this parameter when setting up a production cluster for the first time and when adding capacity. For more information, see this parameter in the Cassandra 1.1 Node and Cluster Configuration documentation.
(Default: 256) Used for virtual nodes (vnodes). Defines the number of tokens randomly assigned to this node on the ring. The more tokens, relative to other nodes, the larger the proportion of data that the node stores. Generally all nodes should have the same number of tokens assuming they have equal hardware capability. Specifying the initial_token overrides this setting. The recommended value is 256. If left unspecified, Cassandra uses the default value of 1 token (for legacy compatibility) and uses the initial_token. If you already have a cluster with one token per node, and wish to migrate to multiple tokens per node, see The cassandra-shuffle utility.
(Default: org.apache.cassandra.dht.Murmur3Partitioner) Distributes rows (by key) across nodes in the cluster. Any IPartitioner may be used, including your own as long as it is in the classpath. Cassandra provides the following partitioners:
  • org.apache.cassandra.dht.Murmur3Partitioner
  • org.apache.cassandra.dht.RandomPartitioner
  • org.apache.cassandra.dht.ByteOrderedPartitioner
  • org.apache.cassandra.dht.OrderPreservingPartitioner (deprecated)
(Default: 7000) The port for inter-node communication.

Advanced automatic backup setting

(Default: true) Enable or disable whether a snapshot is taken of the data before keyspace truncation or dropping of tables. To prevent data loss, using the default setting is strongly advised. If you set to false, you will lose data on truncation or drop.

Key caches and global row properties

When creating or modifying tables, you enable or disable the key cache (partition key cache) or row cache for that table by setting the caching parameter. Other row and key cache tuning and configuration options are set at the global (node) level. Cassandra uses these settings to automatically distribute memory for each table on the node based on the overall workload and specific table usage. You can also configure the save periods for these caches globally. For more information, see Configuring caches.

(Default: disabled - all keys are saved**) Number of keys from the key cache to save.
(Default: 14400 - 4 hours) Duration in seconds that keys are saved in cache. Caches are saved to saved_caches_directory. Saved caches greatly improve cold-start speeds and has relatively little effect on I/O.
(Default: empty, which automatically sets it to the smaller of 5% of the available heap, or 100MB) A global cache setting for tables. It is the maximum size of the key cache in memory. To disable set to 0.
(Default: disabled - all keys are saved**) Number of keys from the row cache to save.
(Default: 0 - disabled) A global cache setting for tables.
(Default: 0 - disabled) Duration in seconds that rows are saved in cache. Caches are saved to saved_caches_directory.
(Default: NativeAllocator) The off-heap memory allocator. In addition to caches, this property affects storage engine metadata. Supported values:
  • NativeAllocator
  • JEMallocAllocator - Experiments show that jemalloc saves some memory compared to the native allocator because it is more fragmentation-resistant. To use, install jemalloc as a library and modify cassandra-env.sh (instructions in file).

Network timeout settings

(Default: 10000) The time in milliseconds that the coordinator waits for sequential or index scans to complete.
(Default: 10000) The time in milliseconds that the coordinator waits for read operations to complete.
(Default: 1000) The time in milliseconds that the coordinator continues to retry a CAS (compare and set) operation that contends with other proposals for the same row.
(Default: 60000) The time in milliseconds that the coordinator waits for truncates to complete. The long default value allows for flushing of all tables, which ensures that anything in the commitlog is removed that could cause truncated data to reappear. If auto_snapshot is disabled, you can reduce this time.
(Default: 10000) The time in milliseconds that the coordinator waits for write operations to complete.
(Default: 10000) The default time out in milliseconds for other, miscellaneous operations.

Inter-node settings

(Default: false) Enable or disable operation timeout information exchange between nodes (to accurately measure request timeouts). If disabled Cassandra assumes the request was forwarded to the replica instantly by the coordinator.
Before enabling this property make sure NTP (network time protocol) is installed and the times are synchronized between the nodes.
(Default: N/A**) Sets the sending socket buffer size in bytes for inter-node calls.
(Default: N/A**) Sets the receiving socket buffer size in bytes for inter-node calls.
(Default: all) Controls whether traffic between nodes is compressed. The valid values are:
  • all: All traffic is compressed.
  • dc: Traffic between data centers is compressed.
  • none: No compression.
(Default: false) Enable or disable tcp_nodelay for inter-data center communication. When disabled larger, but fewer, network packets are sent. This reduces overhead from the TCP protocol itself. However, if cross data-center responses are blocked, it will increase latency.
(Default: 0 - never timeout streams**) Enable or disable socket timeout for streaming operations. When a timeout occurs during streaming, streaming is retried from the start of the current file. Avoid setting this value too low, as it can result in a significant amount of data re-streaming.

Native transport (CQL Binary Protocol)

(Default: true) Enable or disable the native transport server. Note that the address on which the native transport is bound is the same as the rpc_address. However, the port is different from the rpc_port and specified in native_transport_port.
(Default: 9042) Port on which the CQL native transport listens for clients.
(Default: 16**) The minimum number of thread handling requests. The meaning is the same as rpc_min_threads.
(Default: 128**) The maximum number of thread handling requests. The meaning is the same as rpc_max_threads.

RPC (remote procedure call) settings

Settings for configuring and tuning client connections.

(Default: 9160) The port for the Thrift RPC service, which is used for client connections.
(Default: true) Starts the Thrift RPC server.
(Default: true) Enable or disable keepalive on client connections.
(Default: unlimited**) Regardless of your choice of RPC server (rpc_server_type), the number of maximum requests in the RPC thread pool dictates how many concurrent requests are possible. However, if you are using the parameter sync in the rpc_server_type, it also dictates the number of clients that can be connected. For a large number of client connections, this could cause excessive memory usage for the thread stack. Connection pooling on the client side is highly recommended. Setting a maximum thread pool size acts as a safeguard against misbehaved clients. If the maximum is reached, Cassandra blocks additional connections until a client disconnects.
(Default: 16**) Sets the minimum thread pool size for remote procedure calls.
(Default: N/A**) Sets the receiving socket buffer size for remote procedure calls.
(Default: N/A**) Sets the sending socket buffer size in bytes for remote procedure calls.
(Default: sync) Cassandra provides three options for the RPC server. On Windows, sync is about 30% slower than hsha. On Linux, sync and hsha performance is about the same, but hsha uses less memory.
  • sync: (default) One connection per thread in the RPC pool. For a very large number of clients, memory is the limiting factor. On a 64 bit JVM, 128KB is the minimum stack size per thread. Connection pooling is strongly recommended.
  • hsha: Half synchronous, half asynchronous. The RPC thread pool is used to manage requests, but the threads are multiplexed across the different clients. All Thrift clients are handled asynchronously using a small number of threads that does not vary with the number of clients (and thus scales well to many clients). The RPC requests are synchronous (one thread per active request).
  • Your own RPC server: You must provide a fully-qualified class name of an o.a.c.t.TServerFactory that can create a server instance.

Advanced fault detection settings

Settings to handle poorly performing or failing nodes.

(Default: 0.1) Sets the performance threshold for dynamically routing requests away from a poorly performing node. A value of 0.2 means Cassandra continues to prefer the static snitch values until the node response time is 20% worse than the best performing node. Until the threshold is reached, incoming client requests are statically routed to the closest replica (as determined by the snitch). Having requests consistently routed to a given replica can help keep a working set of data hot when read repair is less than 1.
(Default: 600000) Time interval in milliseconds to reset all node scores, which allows a bad node to recover.
(Default: 100) The time interval in milliseconds for calculating read latency.
(Default: true) Enable or disable hinted handoff. It can also contain a list of data centers to enable per data-center. For example hinted_handoff_enabled: DC1,DC2. A hint indicates that the write needs to be replayed to an unavailable node. Where Cassandra writes the hint depends on the version:
  • Prior to 1.0: Writes to a live replica node.
  • 1.0 and later: Writes to the coordinator node.
(Default: 1024) Maximum throttle per delivery thread in kilobytes per second. This rate reduces proportionally to the number of nodes in the cluster. For example, if there are two nodes in the cluster, each delivery thread will use the maximum rate; if there are three, each node will throttle to half of the maximum, since the two nodes are expected to deliver hints simultaneously.
(Default: 10800000 - 3 hours) Defines how long in milliseconds to generate and save hints for an unresponsive node. After this interval, new hints are no longer generated until the node is back up and responsive. If the node goes down again, a new interval begins. This setting can prevent a sudden demand for resources when a node is brought back online and the rest of the cluster attempts to replay a large volume of hinted writes.
(Default: 2) Number of threads with which to deliver hints. For multiple data center deployments, consider increasing this number because cross data-center handoff is generally slower.
(Default: 1024) Maximum throttle in KBs per second, total. It is reduced proportionally to the number of nodes in the cluster.

Request scheduler properties

Settings to handle incoming client requests according to a defined policy. If you need to use these properties, your nodes are overloaded and dropping requests. It is recommended that you add more nodes and not try to prioritize requests.

(Default: org.apache.cassandra.scheduler.NoScheduler) Defines a scheduler to handle incoming client requests according to a defined policy. This scheduler is useful for throttling client requests in single clusters containing multiple keyspaces. This is specifically for requests from the client and does not affect inter-node communication. Valid values are:
  • org.apache.cassandra.scheduler.NoScheduler: No scheduling takes place and does not have any options.
  • org.apache.cassandra.scheduler.RoundRobinScheduler: See request_scheduler_options properties.
  • A Java class that implements the RequestScheduler interface.
(Default: keyspace**) An identifier on which to perform request scheduling. Currently the only valid value is keyspace.
(Default: disabled) Contains a list of properties that define configuration options for request_scheduler:
  • throttle_limit: (Default: 80) The number of active requests per client. Requests beyond this limit are queued up until running requests complete. Recommended value is ((concurrent_reads + concurrent_writes) × 2).
  • default_weight: (Default: 5**) How many requests are handled during each turn of the RoundRobin.
  • weights: (Default: Keyspace1: 1, Keyspace2: 5) How many requests are handled during each turn of the RoundRobin, based on the request_scheduler_id. Takes a list of keyspaces: weights.

Thrift interface properties

Legacy API for older clients. CQL is a simpler and better API for Cassandra.

(Default: 15) Frame size (maximum field length) for Thrift. The frame is the row or part of the row that the application is inserting.
(Default: 16) The maximum length of a Thrift message in megabytes, including all fields and internal Thrift overhead (1 byte of overhead for each frame). Message length is usually used in conjunction with batches. A frame length greater than or equal to 24 accommodates a batch with four inserts, each of which is 24 bytes. The required message length is greater than or equal to 24+24+24+24+4 (number of frames).

Security properties

Server and client security settings.

(Default: org.apache.cassandra.auth.AllowAllAuthenticator) The authentication backend. It implements IAuthenticator, which is used to identify users. The available authenticators are:
  • org.apache.cassandra.auth.AllowAllAuthenticator: Disables authentication; no checks are performed.
  • org.apache.cassandra.auth.PasswordAuthenticator: Authenticates users with user names and hashed passwords stored in the system_auth.credentials table. If you use this authenticator, increase the system_auth keyspace replication factor.
(Default: org.apache.cassandra.auth.AllowAllAuthorizer) The authorization backend. It implements IAuthenticator, which limits access and provides permissions. The available authorizers are:
  • org.apache.cassandra.auth.AllowAllAuthorizer: Disables authorization; allows any action to any user.
  • org.apache.cassandra.auth.CassandraAuthorizer: Stores permissions in system_auth.permissions table. If you use this authenticator, increase the system_auth keyspace replication factor.
(Default: 2000) How long permissions in cache remain valid. Depending on the authorizer, fetching permissions can be resource intensive. This setting is automatically disabled when AllowAllAuthorizer is set.
Enable or disable inter-node encryption. You must also generate keys and provide the appropriate key and trust store locations and passwords. No custom encryption options are currently enabled. The available options are:
  • internode_encryption: (Default: none) Enable or disable encryption of inter-node communication using the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite for authentication, key exchange, and encryption of data transfers. The available inter-node options are:
    • all: Encrypt all inter-node communications.
    • none: No encryption.
    • dc: Encrypt the traffic between the data centers (server only).
    • rack: Encrypt the traffic between the racks(server only).
  • keystore: (Default: conf/.keystore) The location of a Java keystore (JKS) suitable for use with Java Secure Socket Extension (JSSE), which is the Java version of the Secure Sockets Layer (SSL), and Transport Layer Security (TLS) protocols. The keystore contains the private key used to encrypt outgoing messages.
  • keystore_password: (Default: cassandra) Password for the keystore.
  • truststore: (Default: conf/.truststore) Location of the truststore containing the trusted certificate for authenticating remote servers.
  • truststore_password: (Default: cassandra) Password for the truststore.

The passwords used in these options must match the passwords used when generating the keystore and truststore. For instructions on generating these files, see Creating a Keystore to Use with JSSE.

The advanced settings are:

  • protocol: (Default: TLS)
  • algorithm: (Default: SunX509)
  • store_type: (Default: JKS)
  • cipher_suites: (Default: TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA)
  • require_client_auth: (Default: false) Enables or disables certificate authentication.
Enable or disable client-to-node encryption. You must also generate keys and provide the appropriate key and trust store locations and passwords. No custom encryption options are currently enabled. The available options are:
  • enabled: (Default: false) To enable, set to true.
  • keystore: (Default: conf/.keystore) The location of a Java keystore (JKS) suitable for use with Java Secure Socket Extension (JSSE), which is the Java version of the Secure Sockets Layer (SSL), and Transport Layer Security (TLS) protocols. The keystore contains the private key used to encrypt outgoing messages.
  • keystore_password: (Default: cassandra) Password for the keystore. This must match the password used when generating the keystore and truststore.
  • require_client_auth: (Default: false) Enables or disables certificate authentication. (Available starting with Cassandra 1.2.3.)
  • truststore: (Default: conf/.truststore) Set if require_client_auth is true.
  • truststore_password: <truststore_password> Set if require_client_auth is true.

The advanced settings are:

  • protocol: (Default: TLS)
  • algorithm: (Default: SunX509)
  • store_type: (Default: JKS)
  • cipher_suites: (Default: TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA)
(Default: 7001) The SSL port for encrypted communication. Unused unless enabled in encryption_options.