[ 
https://issues.apache.org/jira/browse/CASSPYTHON-26?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bret McGuire updated CASSPYTHON-26:
-----------------------------------
    Fix Version/s: 4.0.0

> Remove ssl_options 
> -------------------
>
>                 Key: CASSPYTHON-26
>                 URL: https://issues.apache.org/jira/browse/CASSPYTHON-26
>             Project: Apache Cassandra Python driver
>          Issue Type: Improvement
>            Reporter: Bret McGuire
>            Priority: Normal
>             Fix For: 4.0.0
>
>
> The 3.x Python driver supports two distinct methods of configuring SSL:
> * Creation of a standalone SSLContext which is then passed in to the Cluster 
> via the ssl_context arg
> * A dict of keyword args to the SSLContext.wrap_socket() call (passed via the 
> ssl_options arg)
> ** Note that we switched to SSLContext.wrap_socket() in 3.29.0 with [this 
> commit|https://github.com/apache/cassandra-python-driver/commit/8ff0ba0db62512cdbd868b809ac15a16e01ef94b]
> ** Prior to that point we would use ssl.wrap_socket() if an SSLContext wasn't 
> provided
> ssl.wrap_socket() was deprecated in Python 3.7 and completely removed in 
> Python 3.12.  To make things even worse the args used in ssl.wrap_socket() 
> and SSLContext.wrap_socket() are similar but not exactly the same.  An 
> example: the "cert_req" argument supported in ssl_options applied directly to 
> ssl.wrap_socket() but doesn't have a clear equivalent in 
> SSLContext.wrap_socket().
> We should remove ssl_options in it's entirety and require the user to 
> configure and supply an SSLContext in order to use SSL with their cluster.  
> This simplifies our API space while also steering the user towards familiar 
> Python structures rather than an ssl_options dict which isn't intuitive.  
> Note that we've had a [TODO in the 
> code|https://github.com/apache/cassandra-python-driver/blob/3.30.0/cassandra/cluster.py#L812-L813]
>  to make this change at the next major for a long time so this is hardly a 
> new idea.
> Note that this will also entail some significant changes to the [docs on 
> security|https://github.com/apache/cassandra-python-driver/blob/trunk/docs/security.rst]...
>  although it looks like they could use some freshening up anyway.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to