Uploaded image for project: 'Apache Cassandra'
  1. Apache Cassandra
  2. CASSANDRA-16695

cqlsh should prefer newer TLS version by default

    XMLWordPrintableJSON

Details

    Description

      Some new JDK releases started to disable TLSv1.0 and TLSv1.1.

      https://www.oracle.com/java/technologies/javase/8u291-relnotes.html

       

      However, the code in:

      https://github.com/apache/cassandra/blob/trunk/pylib/cqlshlib/sslhandling.py#L56-L65

      is defaulting to those rather old versions,

      which could lead to the following problem:

      ('Unable to connect to any servers', {'10.101.34.89:9042': error(1, u"Tried connecting to [('10.101.34.89', 9042)]. Last error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:618)")}) 

       

      Python2 default TLS protocol

      https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLS

      Python3 default TLS protocol

      https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS

       

       

      Attachments

        Issue Links

          Activity

            People

              e.dimitrova Ekaterina Dimitrova
              justinchu Justin Chu
              Ekaterina Dimitrova
              Adam Holmberg, Brandon Williams, David Capwell
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: