Cassandra / CASSANDRA-16695

cqlsh should prefer newer TLS version by default


Details

    Description

      Some new JDK releases started to disable TLSv1.0 and TLSv1.1.

      https://www.oracle.com/java/technologies/javase/8u291-relnotes.html

      However, the code in:

      https://github.com/apache/cassandra/blob/trunk/pylib/cqlshlib/sslhandling.py#L56-L65

      is defaulting to those rather old versions, which could lead to the following problem:

      ('Unable to connect to any servers', {'10.101.34.89:9042': error(1, u"Tried connecting to [('10.101.34.89', 9042)]. Last error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:618)")})

      Python2 default TLS protocol

      https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLS

      Python3 default TLS protocol

      https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS
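
      An added example, not code from cqlsh or the Cassandra project: it contrasts a client pinned to one old protocol version with one that sets a floor and lets TLS negotiate, using Python 3's ssl module. The function names, the pin names, the TLSv1.2 floor and the sample server are assumptions made for the illustration, and negotiate() is a simplified model rather than a real handshake.

```python
import ssl
from ssl import TLSVersion

# Names a caller may pin to (hypothetical option values for this example).
PINS = {
    "TLSv1": TLSVersion.TLSv1,
    "TLSv1_1": TLSVersion.TLSv1_1,
    "TLSv1_2": TLSVersion.TLSv1_2,
    "TLSv1_3": TLSVersion.TLSv1_3,
}

# Constructed sample: a server whose JDK has TLSv1.0 and TLSv1.1 disabled.
MODERN_SERVER = {TLSVersion.TLSv1_2, TLSVersion.TLSv1_3}


def version_range(pin=None, floor=TLSVersion.TLSv1_2):
    """Return the (minimum, maximum) protocol versions the client will offer."""
    if pin is None:
        # No pin: offer everything from the floor up and let TLS negotiate.
        return floor, TLSVersion.MAXIMUM_SUPPORTED
    if pin not in PINS:
        raise ValueError("unknown TLS version name: %r" % (pin,))
    return PINS[pin], PINS[pin]


def build_client_context(pin=None):
    """Build a certificate-verifying client context for that version range."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # negotiating protocol
    ctx.minimum_version, ctx.maximum_version = version_range(pin)
    ctx.load_default_certs()
    return ctx


def negotiate(client_range, server_enabled):
    """Model of negotiation: highest version both sides allow, or None."""
    low, high = client_range
    usable = [v for v in server_enabled
              if v >= low and (high == TLSVersion.MAXIMUM_SUPPORTED or v <= high)]
    return max(usable) if usable else None


if __name__ == "__main__":
    print("pinned TLSv1:", negotiate(version_range("TLSv1"), MODERN_SERVER))
    print("negotiated  :", negotiate(version_range(), MODERN_SERVER))
    print("context min :", build_client_context().minimum_version.name)
```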


          People

            e.dimitrova Ekaterina Dimitrova
            justinchu Justin Chu
            Ekaterina Dimitrova
            Adam Holmberg, Brandon Williams, David Capwell