[jira] [Commented] (CASSANDRA-16695) cqlsh should prefer newer TLS version by default

Ekaterina Dimitrova (Jira) Sat, 12 Jun 2021 11:23:05 -0700


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-16695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17362377#comment-17362377
 ]


Ekaterina Dimitrova commented on CASSANDRA-16695:
-------------------------------------------------

Patch committed:

DTest:

To https://github.com/apache/cassandra-dtest.git

   f9ff078c..c72f6960  trunk -> trunk

Cassandra repo:

To https://github.com/apache/cassandra.git

   24346d1789..a0af091a5c  cassandra-3.0 -> cassandra-3.0

   5a7326da54..0878f15361  cassandra-3.11 -> cassandra-3.11

   d93e43ed9b..e2c3efe3d5  cassandra-4.0 -> cassandra-4.0

   351c659598..d69a7e4b8a  cassandra-4.0.0 -> cassandra-4.0.0

   a978754691..eca21d9aea  trunk -> trunk

The issue with Cassandra 2.2 is that cqlsh tests are failing since more than 
year due to issue with configuration which should be fixed on CCM side I think 
after a very quick check. 

I commit the patch to the rest of the branches to unblock the road to 4.0 RC2 
and the suggestion is to take care of the tests and the patch for Cassandra 2.2 
a bit later before we drop the support for 2.2 as a last support to the 
community. I will open a separate ticket and close this one. 

 

> cqlsh should prefer newer TLS version by default
> ------------------------------------------------
>
>                 Key: CASSANDRA-16695
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16695
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Tool/cqlsh
>            Reporter: Justin Chu
>            Assignee: Ekaterina Dimitrova
>            Priority: Normal
>              Labels: cqlsh
>             Fix For: 4.0, 2.2.x, 3.0.x, 3.11.x, 4.0-rc, 4.x
>
>
> Some new JDK releases started to disable TLSv1.0 and TLSv1.1.
> [https://www.oracle.com/java/technologies/javase/8u291-relnotes.html]
>  
> However, the code in:
> [https://github.com/apache/cassandra/blob/trunk/pylib/cqlshlib/sslhandling.py#L56-L65]
> is defaulting to those rather old versions,
> which could lead to the following problem:
> {code:java}
> ('Unable to connect to any servers', {'10.101.34.89:9042': error(1, u"Tried 
> connecting to [('10.101.34.89', 9042)]. Last error: [SSL: 
> WRONG_VERSION_NUMBER] wrong version number (_ssl.c:618)")}) {code}
>  
> Python2 default TLS protocol
> [https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLS]
> Python3 default TLS protocol
> [https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS]
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (CASSANDRA-16695) cqlsh should prefer newer TLS version by default

Reply via email to