The Cassandra shell cqlsh cannot connect on the sessionstore nodes:
eevans@sessionstore1001:~$ c-cqlsh a Connection error: ('Unable to connect to any servers', {'10.64.0.144': error(1, u"Tried connecting to [('10.64.0.144', 9042)]. Last error: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:661)")}) eevans@sessionstore1001:~$
This was the result of a recent JDK upgrade to 8u292-b10-0+deb9u1, that disabled support for TLSv1 and TLSv1.1.
eevans@sessionstore1001:~$ egrep -A2 '^jdk.tls.disabledAlgorithms' /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/java.security jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \ include jdk.disabled.namedCurves eevans@sessionstore1001:~$