[jira] [Created] (CASSANDRA-16695) cqlsh should prefer newer TLS version by default

Justin Chu (Jira) Tue, 25 May 2021 11:10:05 -0700

Justin Chu created CASSANDRA-16695:
--------------------------------------

             Summary: cqlsh should prefer newer TLS version by default
                 Key: CASSANDRA-16695
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16695
             Project: Cassandra
          Issue Type: Bug
          Components: Tool/cqlsh
            Reporter: Justin Chu



Some new JDK releases started to disable TLSv1.0 and TLSv1.1.

[https://www.oracle.com/java/technologies/javase/8u291-relnotes.html]

 

However, the code in:

[https://github.com/apache/cassandra/blob/trunk/pylib/cqlshlib/sslhandling.py#L56-L65]

is defaulting to those rather old versions,

which could lead to the following problem:
{code:java}
('Unable to connect to any servers', {'10.101.34.89:9042': error(1, u"Tried 
connecting to [('10.101.34.89', 9042)]. Last error: [SSL: WRONG_VERSION_NUMBER] 
wrong version number (_ssl.c:618)")}) {code}
 

Python2 default TLS protocol

[https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLS]

Python3 default TLS protocol

[https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS]

 

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (CASSANDRA-16695) cqlsh should prefer newer TLS version by default

Reply via email to