Details
-
Improvement
-
Status: Resolved
-
Normal
-
Resolution: Fixed
Description
Some new JDK releases started to disable TLSv1.0 and TLSv1.1.
https://www.oracle.com/java/technologies/javase/8u291-relnotes.html
However, the code in:
https://github.com/apache/cassandra/blob/trunk/pylib/cqlshlib/sslhandling.py#L56-L65
is defaulting to those rather old versions,
which could lead to the following problem:
('Unable to connect to any servers', {'10.101.34.89:9042': error(1, u"Tried connecting to [('10.101.34.89', 9042)]. Last error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:618)")})
Python2 default TLS protocol
https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLS
Python3 default TLS protocol
https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS
Attachments
Issue Links
- is related to
-
CASSANDRA-16736 CQL shell should prefer newer TLS version by default
- Resolved