[jira] [Commented] (CASSANDRA-16695) cqlsh should prefer newer TLS version by default

Fri, 11 Jun 2021 10:19:07 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-16695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17361903#comment-17361903
 ] 

David Capwell commented on CASSANDRA-16695:
-------------------------------------------

bq. I am in favor of adding the tests now 

Same, I rather have tests now to show that this works (4.0 lets us choose what 
protocols we support, so we can disable 1.0 and 1.1 on the server and make sure 
the client works).

The patch looks good to me, only small nits left on the commit (free to 
ignore), but I would prefer to have tests showing that this patch fixes the 
issue (and without this patch fails showing the issue)

> cqlsh should prefer newer TLS version by default
> ------------------------------------------------
>
>                 Key: CASSANDRA-16695
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16695
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Tool/cqlsh
>            Reporter: Justin Chu
>            Assignee: Ekaterina Dimitrova
>            Priority: Normal
>              Labels: cqlsh
>             Fix For: 4.0, 2.2.x, 3.0.x, 3.11.x, 4.0-rc, 4.x
>
>
> Some new JDK releases started to disable TLSv1.0 and TLSv1.1.
> [https://www.oracle.com/java/technologies/javase/8u291-relnotes.html]
>  
> However, the code in:
> [https://github.com/apache/cassandra/blob/trunk/pylib/cqlshlib/sslhandling.py#L56-L65]
> is defaulting to those rather old versions,
> which could lead to the following problem:
> {code:java}
> ('Unable to connect to any servers', {'10.101.34.89:9042': error(1, u"Tried 
> connecting to [('10.101.34.89', 9042)]. Last error: [SSL: 
> WRONG_VERSION_NUMBER] wrong version number (_ssl.c:618)")}) {code}
>  
> Python2 default TLS protocol
> [https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLS]
> Python3 default TLS protocol
> [https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS]
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to