[ 
https://issues.apache.org/jira/browse/CASSANDRA-16695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17360257#comment-17360257
 ] 

Ekaterina Dimitrova commented on CASSANDRA-16695:
-------------------------------------------------

Some base tests were added [here|https://github.com/ekaterinadimitrova2/cassandra/commit/8438676eb6f53472b59f3e4f37c14bf101102f2e]
Circle CI runs: [Java 8|https://app.circleci.com/pipelines/github/ekaterinadimitrova2/cassandra/950/workflows/848f0373-8b40-46fc-9d2c-1b50695dc4be/jobs/5668/steps] | [Java 11|https://app.circleci.com/pipelines/github/ekaterinadimitrova2/cassandra/950/workflows/5e14a77d-2741-46a8-8a8f-4909fb9c2dcc/jobs/5672]

Patch created by Kamlesh Ghoradkar with a bit of guidance from [~justinchu]. 
Thank you both!

The current tests assume that TLSv1 is supported in the environment they are 
run in. [~tomasz.lasica] expressed a concern that it is possible that some tests 
will fail if a platform on which the test is run does not support {{TLSv1}}. A 
suggestion is to try to detect what is supported by the OS, but in a quick check 
I saw that this is done in different ways depending on which Python version 
we use. Considering that these tests are an improvement, I am wondering whether we 
should add them now or improve them after 4.0.

[~mck], [~brandon.williams] - up for review and second opinion? 

The tests are currently added only to the 4.0 branch; I will port them to the 
other branches when we agree on the final patch. 


  

> cqlsh should prefer newer TLS version by default
> ------------------------------------------------
>
>                 Key: CASSANDRA-16695
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16695
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Tool/cqlsh
>            Reporter: Justin Chu
>            Assignee: Ekaterina Dimitrova
>            Priority: Normal
>              Labels: cqlsh
>             Fix For: 4.0, 2.2.x, 3.0.x, 3.11.x, 4.0-rc, 4.x
>
>
> Some new JDK releases started to disable TLSv1.0 and TLSv1.1.
> [https://www.oracle.com/java/technologies/javase/8u291-relnotes.html]
>  
> However, the code in:
> [https://github.com/apache/cassandra/blob/trunk/pylib/cqlshlib/sslhandling.py#L56-L65]
> is defaulting to those rather old versions,
> which could lead to the following problem:
> {code:java}
> ('Unable to connect to any servers', {'10.101.34.89:9042': error(1, u"Tried 
> connecting to [('10.101.34.89', 9042)]. Last error: [SSL: 
> WRONG_VERSION_NUMBER] wrong version number (_ssl.c:618)")}) {code}
>  
> Python2 default TLS protocol
> [https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLS]
> Python3 default TLS protocol
> [https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS]
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
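
Added example, not part of the Jira comment or the Cassandra patch: one way a test suite can detect which TLS versions the local Python ssl module offers and skip version-specific tests instead of failing, together with a client context that negotiates the newest version unless one is pinned. The names supported_tls_versions, client_context and requires_tls are hypothetical, and the context helper assumes Python 3.7+.

```python
import ssl
import unittest

# Version names as a client setting might spell them (constructed for this example).
TLS_NAMES = ("TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3")


def supported_tls_versions():
    """List the TLS versions the local ssl module / OpenSSL build was compiled with."""
    found = []
    for name in TLS_NAMES:
        flag = getattr(ssl, "HAS_" + name, None)  # present on Python 3.7+
        if flag is None:
            # Older interpreters: fall back to the per-version PROTOCOL_* constant.
            flag = hasattr(ssl, "PROTOCOL_" + name)
        if flag:
            found.append(name)
    # Caveat: these are build-time facts; a system crypto policy can still
    # refuse an old version at handshake time.
    return found


def client_context(requested=None):
    """Negotiate the newest common version unless one version is pinned."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if requested is None:
        return ctx
    if requested not in supported_tls_versions():
        raise ValueError("TLS version not available here: %r" % (requested,))
    pinned = ssl.TLSVersion[requested]  # Python 3.7+
    ctx.minimum_version = pinned
    ctx.maximum_version = pinned
    return ctx


def requires_tls(name):
    """Test decorator: skip instead of failing where `name` is not available."""
    return unittest.skipUnless(name in supported_tls_versions(),
                               "%s not supported on this platform" % name)
```

A test that needs the old protocol would be decorated with requires_tls("TLSv1"), so it is reported as skipped on platforms that no longer ship it.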
