[
https://issues.apache.org/jira/browse/CASSANDRA-16695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17362074#comment-17362074
]
Ekaterina Dimitrova commented on CASSANDRA-16695:
-------------------------------------------------
Great, so [~dcapwell], I assume now you are also +1 as a reviewer? I believe
this is THE test we needed. :)
I will propagate to all patches and run CI soon to commit it tonight if there
are no other concerns.
> cqlsh should prefer newer TLS version by default
> ------------------------------------------------
>
> Key: CASSANDRA-16695
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16695
> Project: Cassandra
> Issue Type: Improvement
> Components: Tool/cqlsh
> Reporter: Justin Chu
> Assignee: Ekaterina Dimitrova
> Priority: Normal
> Labels: cqlsh
> Fix For: 4.0, 2.2.x, 3.0.x, 3.11.x, 4.0-rc, 4.x
>
>
> Some new JDK releases started to disable TLSv1.0 and TLSv1.1.
> [https://www.oracle.com/java/technologies/javase/8u291-relnotes.html]
>
> However, the code in:
> [https://github.com/apache/cassandra/blob/trunk/pylib/cqlshlib/sslhandling.py#L56-L65]
> is defaulting to those rather old versions,
> which could lead to the following problem:
> {code:java}
> ('Unable to connect to any servers', {'10.101.34.89:9042': error(1, u"Tried
> connecting to [('10.101.34.89', 9042)]. Last error: [SSL:
> WRONG_VERSION_NUMBER] wrong version number (_ssl.c:618)")}) {code}
>
> Python2 default TLS protocol
> [https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLS]
> Python3 default TLS protocol
> [https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS]
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
