[
https://issues.apache.org/jira/browse/CASSANDRA-9544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15145252#comment-15145252
]
Cott Lang commented on CASSANDRA-9544:
--------------------------------------
[~thobbs] Despite the name, SSLv23 allows TLS 1.1 and TLS 1.2 to work, whereas
TLSv1 does not. This makes it more complicated to properly secure Cassandra
with TLS 1.2. SSLv23 seems to be the 'normal' way of making a client SSL call.
TLS 1.0+ should be enforced on the server side.
The error text also seems to be incorrect - it's TLSv1_1 or TLSv1_2 rather than
TLSv1.1 or TLSv1.2.
Thanks.
> Allow specification of TLS protocol to use for cqlsh
> ----------------------------------------------------
>
> Key: CASSANDRA-9544
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9544
> Project: Cassandra
> Issue Type: Improvement
> Components: Tools
> Reporter: Jesse Szwedko
> Assignee: Jesse Szwedko
> Labels: cqlsh, docs-impacting, tls
> Fix For: 2.1.9, 2.2.0
>
>
> Currently when using {{cqlsh}} with {{--ssl}} it tries to use TLS 1.0 to
> connect. I have my server only serving TLS 1.2 which means that I cannot
> connect.
> It would be nice if {{cqlsh}} allowed the TLS protocol it uses to connect to
> be configured.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
