Re: [PR] Update cassandra-stress default cipher suites to support tls 1.3 [cassandra]

Sat, 29 Nov 2025 20:29:19 -0800 


omniCoder77 commented on code in PR #4499:
URL: https://github.com/apache/cassandra/pull/4499#discussion_r2573337995


##########
tools/stress/src/org/apache/cassandra/stress/settings/SettingsTransport.java:
##########
@@ -89,7 +89,7 @@ static class TOptions extends GroupedOptions implements 
Serializable
         final OptionSimple protocol = new OptionSimple("ssl-protocol=", ".*", 
"TLS", "SSL: connection protocol to use", false);
         final OptionSimple alg = new OptionSimple("ssl-alg=", ".*", null, 
"SSL: algorithm", false);
         final OptionSimple ciphers = new OptionSimple("ssl-ciphers=", ".*",
-                                                      
"TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA",
+                                                      
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",

Review Comment:
   Thanks for the review. I looked at 
[SettingsCredentialsTest.java](https://github.com/apache/cassandra/blob/trunk/tools/stress/test/unit/org/apache/cassandra/stress/settings/SettingsCredentialsTest.java)
 and the other test files 
   in 
[tools/stress/test/unit](https://github.com/apache/cassandra/tree/trunk/tools/stress/test/unit/org/apache/cassandra/stress).
 The existing tests focus on configuration parsing but don't test cipher suite 
functionality or TLS handshakes.
   
   Since I'm only updating default cipher values and there's no pre-existing 
test pattern 
   for cipher configuration, I kept this PR focused on the bug fix itself. 
   
   If you'd like test coverage added, I'm happy to do that - but could you 
clarify what 
   should be tested? Should I:
   1. Just verify the default cipher string is set correctly (simple config 
test)?
   2. Test actual TLS 1.3 handshakes (would need test server setup)?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to