[
https://issues.apache.org/jira/browse/CASSANDRA-17365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brad Schoening updated CASSANDRA-17365:
---------------------------------------
Description:
According to [https://docs.python.org/3/library/ssl.html] use of explicit TLS
versions v1, v1_1 and v1_2 has been deprecated in Python 3.6+ in favor of
auto-negotiation of the highest protocol version that both the client and
server support.
* {{{}ssl.{}}}{{{}PROTOCOL_TLSv1{}}}
* {{{}ssl.{}}}{{{}PROTOCOL_TLSv1_1{}}}
* {{{}ssl.{}}}{{{}PROTOCOL_TLSv1_2{}}}
The above are deprecated since version 3.6: OpenSSL has deprecated all version
specific protocols.
This affects cqlshlib/sslhandling.py and cqlshlib/test/test_sslhandling.py. And
also config files test/config/
{sslhandling.config, sslhandling_invalid.config}
"NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL
3.0, TLS 1.0, and TLS 1.1 not be used"
https://media.defense.gov/2021/Jan/05/2002560140/-1/-1/0/ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF
was:
According to [https://docs.python.org/3/library/ssl.html] use of explicit TLS
versions v1, v1_1 and v1_2 has been deprecated in Python 3.6+ in favor of
auto-negotiation of the highest protocol version that both the client and
server support.
* {{{}ssl.{}}}{{{}PROTOCOL_TLSv1{}}}
* {{{}ssl.{}}}{{{}PROTOCOL_TLSv1_1{}}}
* {{{}ssl.{}}}{{{}PROTOCOL_TLSv1_2{}}}
The above are deprecated since version 3.6: OpenSSL has deprecated all version
specific protocols.
This affects cqlshlib/sslhandling.py and cqlshlib/test/test_sslhandling.py. And
also config files test/config/{sslhandling.config, sslhandling_invalid.config}
> Remove deprecated version specific TLS in CQLSH
> -----------------------------------------------
>
> Key: CASSANDRA-17365
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17365
> Project: Cassandra
> Issue Type: Task
> Components: CQL/Interpreter
> Reporter: Brad Schoening
> Assignee: Brad Schoening
> Priority: Normal
> Fix For: 4.x
>
>
> According to [https://docs.python.org/3/library/ssl.html] use of explicit TLS
> versions v1, v1_1 and v1_2 has been deprecated in Python 3.6+ in favor of
> auto-negotiation of the highest protocol version that both the client and
> server support.
> * {{{}ssl.{}}}{{{}PROTOCOL_TLSv1{}}}
> * {{{}ssl.{}}}{{{}PROTOCOL_TLSv1_1{}}}
> * {{{}ssl.{}}}{{{}PROTOCOL_TLSv1_2{}}}
> The above are deprecated since version 3.6: OpenSSL has deprecated all
> version specific protocols.
> This affects cqlshlib/sslhandling.py and cqlshlib/test/test_sslhandling.py.
> And also config files test/config/
> {sslhandling.config, sslhandling_invalid.config}
>
> "NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL
> 3.0, TLS 1.0, and TLS 1.1 not be used"
> https://media.defense.gov/2021/Jan/05/2002560140/-1/-1/0/ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
