diff --git a/.ci/setup_cassandra.sh b/.ci/setup_cassandra.sh
index 6b81db4003b..fffd68be04b 100644
--- a/.ci/setup_cassandra.sh
+++ b/.ci/setup_cassandra.sh
@@ -6,7 +6,7 @@ n=0
 until [ $n -ge 5 ]
 do
     sudo rm -rf /var/lib/cassandra/*
-    curl http://apache.arvixe.com/cassandra/$CASSANDRA_VERSION/$CASSANDRA_BASE-bin.tar.gz | tar xz && break
+    curl http://archive.apache.org/dist/cassandra/$CASSANDRA_VERSION/$CASSANDRA_BASE-bin.tar.gz | tar xz && break
     n=$[$n+1]
     sleep 5
 done
diff --git a/kong/cli/utils/signal.lua b/kong/cli/utils/signal.lua
index 7c3077cda76..5c09fdb45c1 100644
--- a/kong/cli/utils/signal.lua
+++ b/kong/cli/utils/signal.lua
@@ -227,9 +227,25 @@ function _M.prepare_kong(args_config, signal)
   prepare_nginx_working_dir(args_config, signal)
 end
 
-local function check_port(port)
-  if not cutils.is_port_bindable(port) then
-    cutils.logger:error_exit("Port "..tostring(port).." is being blocked by another process.")
+-- Checks whether a port is available. Exits the application if not available.
+-- @param port The port to check
+-- @param name Functional name the port is used for (display name)
+-- @param timeout (optional) Timeout in seconds after which a failure is logged 
+-- and application exit is performed, if not provided then it will fail at once without retries.
+local function check_port(port, name, timeout)
+  local expire = socket.gettime() + (timeout or 0)
+  local msg = tostring(port) .. (name and " ("..tostring(name)..")")
+  local warned
+  while not cutils.is_port_bindable(port) do
+    if expire <= socket.gettime() then
+      cutils.logger:error_exit("Port "..msg.." is being blocked by another process.")
+    else
+      if not warned then
+        cutils.logger:warn("Port "..msg.." is unavailable, retrying for "..tostring(timeout).." seconds")
+        warned = true
+      end
+    end
+    socket.sleep(0.5)
   end
 end
 
@@ -241,6 +257,7 @@ end
 -- @return A boolean: true for success, false otherwise
 function _M.send_signal(args_config, signal)
   -- Make sure nginx is there and is openresty
+  local port_timeout = 1   -- OPT: make timeout configurable (note: this is a blocking timeout!)
   local nginx_path = find_nginx()
   if not nginx_path then
     cutils.logger:error_exit(string.format("Kong cannot find an 'nginx' executable.\nMake sure it is in your $PATH or in one of the following directories:\n%s", table.concat(NGINX_SEARCH_PATHS, "\n")))
@@ -250,9 +267,13 @@ function _M.send_signal(args_config, signal)
   if not signal then signal = START end
 
   if signal == START then
-    local ports = { kong_config.proxy_port, kong_config.proxy_ssl_port, kong_config.admin_api_port }
-    for _,port in ipairs(ports) do
-      check_port(port)
+    local ports = { 
+      ["Kong proxy"] = kong_config.proxy_port, 
+      ["Kong proxy ssl"] = kong_config.proxy_ssl_port, 
+      ["Kong admin api"] = kong_config.admin_api_port
+    }
+    for name, port in pairs(ports) do
+      check_port(port, name, port_timeout)
     end
   end
 
@@ -270,7 +291,7 @@ function _M.send_signal(args_config, signal)
     dnsmasq.stop(kong_config)
     if kong_config.dns_resolver.dnsmasq then
       local dnsmasq_port = kong_config.dns_resolver.port
-      check_port(dnsmasq_port)
+      check_port(dnsmasq_port, "dnsmasq", port_timeout)
       dnsmasq.start(kong_config.nginx_working_dir, dnsmasq_port)
     end
   elseif signal == STOP or signal == QUIT then
@@ -281,7 +302,7 @@ function _M.send_signal(args_config, signal)
   if signal == START or signal == RESTART or signal == RELOAD then
     local res, code = IO.os_execute("ulimit -n")
     if code == 0 and tonumber(res) < 4096 then
-      cutils.logger:warn("ulimit is currently set to \""..res.."\". For better performance set it to at least \"4096\" using \"ulimit -n\"")
+      cutils.logger:warn('ulimit is currently set to "'..res..'". For better performance set it to at least "4096" using "ulimit -n"')
     end
   end
 
diff --git a/spec/plugins/oauth2/access_spec.lua b/spec/plugins/oauth2/access_spec.lua
index 30df95a7488..640d6d5aa3d 100644
--- a/spec/plugins/oauth2/access_spec.lua
+++ b/spec/plugins/oauth2/access_spec.lua
@@ -696,7 +696,7 @@ describe("Authentication Plugin", function()
       assert.are.equal(401, status)
       assert.are.equal('Bearer realm="service" error="invalid_token" error_description="The access token is invalid"', headers['www-authenticate'])
       assert.are.equal("invalid_token", body.error)
-      assert.are.equal("The access token invalid", body.error_description)
+      assert.are.equal("The access token is invalid", body.error_description)
     end)
 
     it("should return 401 Unauthorized when an invalid access token is being sent via the Authorization header", function()
@@ -705,7 +705,7 @@ describe("Authentication Plugin", function()
       assert.are.equal(401, status)
       assert.are.equal('Bearer realm="service" error="invalid_token" error_description="The access token is invalid"', headers['www-authenticate'])
       assert.are.equal("invalid_token", body.error)
-      assert.are.equal("The access token invalid", body.error_description)
+      assert.are.equal("The access token is invalid", body.error_description)
     end)
 
     it("should return 401 Unauthorized when token has expired", function()