CASSANDRA-16695

cqlsh should prefer newer TLS version by default


    Details

      Description

      Some new JDK releases started to disable TLSv1.0 and TLSv1.1.

      https://www.oracle.com/java/technologies/javase/8u291-relnotes.html


      However, the code in

      https://github.com/apache/cassandra/blob/trunk/pylib/cqlshlib/sslhandling.py#L56-L65

      is defaulting to those rather old versions, which could lead to the following problem:

      ('Unable to connect to any servers', {'10.101.34.89:9042': error(1, u"Tried connecting to [('10.101.34.89', 9042)]. Last error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:618)")}) 

       

      Python2 default TLS protocol

      https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLS

      Python3 default TLS protocol

      https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS
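
An added illustration, not code from cqlshlib or the Cassandra project: it contrasts a client pinned to one old TLS version with a client that negotiates, checked against a server whose JDK has disabled TLSv1.0 and TLSv1.1. The helper names, the TLS 1.2 floor for the default case, and the sample server protocol set are assumptions of this example.

```python
import ssl

# Accepted setting names follow the ssl.TLSVersion members (assumption).
KNOWN = ("TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3")

# Constructed sample: protocols left enabled on a server whose JDK has
# disabled TLSv1.0 and TLSv1.1.
JDK_ENABLED = {ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3}


def version_range(configured=None):
    """Return the (lowest, highest) TLS version the client will offer."""
    if configured is None:
        # No explicit setting: negotiate, with a TLS 1.2 floor (assumed policy).
        return ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3
    if configured not in KNOWN:
        raise ValueError("unknown TLS version: %r" % (configured,))
    pinned = ssl.TLSVersion[configured]
    return pinned, pinned  # an explicit setting pins exactly one version


def can_handshake(client_range, server_enabled):
    """True if at least one server-enabled version lies in the client range."""
    low, high = client_range
    return any(low <= v <= high for v in server_enabled)


def client_context(configured=None):
    """Build a verifying client context restricted to version_range()."""
    low, high = version_range(configured)
    # PROTOCOL_TLS_CLIENT negotiates the version and turns on certificate
    # and hostname verification; CA certificates still have to be loaded.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = low
    ctx.maximum_version = high
    return ctx


if __name__ == "__main__":
    for setting in ("TLSv1", None):
        ok = can_handshake(version_range(setting), JDK_ENABLED)
        print("client setting %r -> %s" % (setting, "ok" if ok else "no shared version"))
```

A client pinned to `TLSv1` shares no version with such a server, which is the situation behind the `WRONG_VERSION_NUMBER` error quoted above.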


              People

              Assignee: Ekaterina Dimitrova (e.dimitrova)
              Reporter: Justin Chu (justinchu)
              Authors: Ekaterina Dimitrova
              Reviewers: Adam Holmberg, Brandon Williams, David Capwell