[jira] [Commented] (CASSANDRA-21007) cassandra-stress defaults to deprecated TLS 1.2 cipher suite

Tue, 31 Mar 2026 03:10:07 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-21007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18069865#comment-18069865
 ] 

Stefan Miklosovic commented on CASSANDRA-21007:
-----------------------------------------------

What is the commit for trunk it was merged in? The ticket should always reflect 
what was merged, at least in description or as additional comment.

The  closed PR for 5.0 (1) is still valid? That is the one which should be 
backported? 

(1) https://github.com/apache/cassandra/pull/4526

> cassandra-stress defaults to deprecated TLS 1.2 cipher suite
> ------------------------------------------------------------
>
>                 Key: CASSANDRA-21007
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-21007
>             Project: Apache Cassandra
>          Issue Type: Improvement
>          Components: Tool/stress
>            Reporter: Brad Schoening
>            Assignee: Rishabh Saraswat
>            Priority: Normal
>             Fix For: 5.0.x, 6.x
>
>         Attachments: ci_summary.html, image-2025-12-02-23-04-21-498.png, 
> image-2025-12-02-23-07-48-851.png, image-2025-12-02-23-08-30-782.png, 
> image-2025-12-09-19-57-39-314.png, image-2025-12-09-20-11-06-834.png, 
> image-2025-12-09-22-17-07-020.png, image-2025-12-10-11-24-29-509.png, 
> image-2025-12-10-11-25-13-030.png, image-2025-12-10-11-27-08-581.png, 
> image-2025-12-10-11-52-23-101.png, res.txt
>
>
> From what I understand, this cipher, used as the default in 
> {*}cassandra-stress{*}, is not compatible with TLS 1.3's handshake mechanism 
> as it lacks Perfect Forward Security (PFS).
> {code:java}
> final OptionSimple ciphers = new OptionSimple("ssl-ciphers=", ".*", 
> "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA", "SSL: comma 
> delimited list of encryption suites to use", false);
>  {code}
> [stress/settings/SettingsTransport.java|https://github.com/apache/cassandra/blob/cassandra-4.1/tools/stress/src/org/apache/cassandra/stress/settings/SettingsTransport.java#L80]
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to