[jira] [Commented] (CASSANDRA-21007) cassandra-stress defaults to deprecated TLS 1.2 cipher suite

Mon, 09 Feb 2026 13:15:07 -0800 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-21007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18057427#comment-18057427
 ] 

Jyothsna Konisa commented on CASSANDRA-21007:
---------------------------------------------

[~bschoeni]I missed closing the PR in trunk after merging it to trunk, just 
closed it. You said that you are gonna take care of backporting this to 5.0 and 
asked me to close the PR if is committed to trunk.

> cassandra-stress defaults to deprecated TLS 1.2 cipher suite
> ------------------------------------------------------------
>
>                 Key: CASSANDRA-21007
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-21007
>             Project: Apache Cassandra
>          Issue Type: Improvement
>          Components: Tool/stress
>            Reporter: Brad Schoening
>            Assignee: Rishabh Saraswat
>            Priority: Normal
>             Fix For: 5.0.x, 5.1
>
>         Attachments: ci_summary.html, image-2025-12-02-23-04-21-498.png, 
> image-2025-12-02-23-07-48-851.png, image-2025-12-02-23-08-30-782.png, 
> image-2025-12-09-19-57-39-314.png, image-2025-12-09-20-11-06-834.png, 
> image-2025-12-09-22-17-07-020.png, image-2025-12-10-11-24-29-509.png, 
> image-2025-12-10-11-25-13-030.png, image-2025-12-10-11-27-08-581.png, 
> image-2025-12-10-11-52-23-101.png, res.txt
>
>
> From what I understand, this cipher, used as the default in 
> {*}cassandra-stress{*}, is not compatible with TLS 1.3's handshake mechanism 
> as it lacks Perfect Forward Security (PFS).
> {code:java}
> final OptionSimple ciphers = new OptionSimple("ssl-ciphers=", ".*", 
> "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA", "SSL: comma 
> delimited list of encryption suites to use", false);
>  {code}
> [stress/settings/SettingsTransport.java|https://github.com/apache/cassandra/blob/cassandra-4.1/tools/stress/src/org/apache/cassandra/stress/settings/SettingsTransport.java#L80]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to