[jira] [Commented] (CASSANDRA-9544) Allow specification of TLS protocol to use for cqlsh

2016-02-12 Thread Cott Lang (JIRA)

[ 
https://issues.apache.org/jira/browse/CASSANDRA-9544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15145252#comment-15145252
 ] 

Cott Lang commented on CASSANDRA-9544:
--

[~thobbs]  Despite the name, SSLv23 allows TLS 1.1 and TLS 1.2 to work, whereas 
TLSv1 does not. This makes it more complicated to properly secure Cassandra 
with TLS 1.2.  SSLv23 seems to be the 'normal' way of making a client SSL call. 
TLS 1.0+ should be enforced on the server side.

The error text also seems to be incorrect - it's TLSv1_1 or TLSv1_2 rather than 
TLSv1.1 or TLSv1.2.

Thanks.


> Allow specification of TLS protocol to use for cqlsh
>
> Key: CASSANDRA-9544
> URL: https://issues.apache.org/jira/browse/CASSANDRA-9544
> Project: Cassandra
> Issue Type: Improvement
> Components: Tools
> Reporter: Jesse Szwedko
> Assignee: Jesse Szwedko
> Labels: cqlsh, docs-impacting, tls
> Fix For: 2.1.9, 2.2.0
>
> Currently when using {{cqlsh}} with {{--ssl}} it tries to use TLS 1.0 to 
> connect. I have my server only serving TLS 1.2 which means that I cannot 
> connect.
> It would be nice if {{cqlsh}} allowed the TLS protocol it uses to connect to 
> be configured.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
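The naming and negotiation points in the comment above, as an added example using the Python 3 `ssl` module (not cqlsh's code or the patch under review). It assumes the configured name is looked up as `ssl.PROTOCOL_<name>`; `resolve_protocol`, `client_context` and `PINNED` are hypothetical names.

```python
import ssl

# Version-pinned names and their modern TLSVersion equivalents.
PINNED = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1_1": ssl.TLSVersion.TLSv1_1,
    "TLSv1_2": ssl.TLSVersion.TLSv1_2,
}


def resolve_protocol(name):
    """Return ssl.PROTOCOL_<name>, or raise ValueError with a spelling hint."""
    const = getattr(ssl, "PROTOCOL_" + name, None)
    if const is not None:
        return const
    # The ssl module spells versions with underscores, so "TLSv1.2" is unknown.
    hint = name.replace(".", "_")
    if hint != name and hasattr(ssl, "PROTOCOL_" + hint):
        raise ValueError("unknown protocol %r, did you mean %r?" % (name, hint))
    raise ValueError("unknown protocol %r" % name)


def client_context(name, floor=ssl.TLSVersion.TLSv1_2):
    """Build a client context for a configured protocol name.

    Negotiating names (SSLv23 and its aliases) accept the highest version both
    sides support, but never below `floor`. Pinned names allow one version only.
    """
    resolve_protocol(name)  # reject misspelled names before touching the network
    # PROTOCOL_TLS_CLIENT verifies certificates and host names by default;
    # the caller still has to load CA certificates before connecting.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    pinned = PINNED.get(name)
    if pinned is None:
        ctx.minimum_version = floor
    else:
        ctx.minimum_version = pinned
        ctx.maximum_version = pinned
    return ctx
```

A client pinned to `TLSv1` cannot complete a handshake with a server that only serves TLS 1.2, while a negotiating context with a floor connects to that server and still refuses older versions.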


[jira] [Commented] (CASSANDRA-9544) Allow specification of TLS protocol to use for cqlsh

2015-07-07 Thread Tyler Hobbs (JIRA)

[ 
https://issues.apache.org/jira/browse/CASSANDRA-9544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14617012#comment-14617012
 ] 

Tyler Hobbs commented on CASSANDRA-9544:


I like adding the ability to configure the ssl protocol version, but I think 
keeping TLSv1 as the default is the best option.  It's the Cassandra default, 
it has always been the cqlsh default, and it should be the most secure choice.

I've created a [branch with the 
changes|https://github.com/thobbs/cassandra/tree/CASSANDRA-9544].

Pending CI test runs:
* [2.1 
dtest|http://cassci.datastax.com/view/Dev/view/thobbs/job/thobbs-CASSANDRA-9544-dtest/]
* [2.2 
testall|http://cassci.datastax.com/view/Dev/view/thobbs/job/thobbs-CASSANDRA-9544-testall/]



[jira] [Commented] (CASSANDRA-9544) Allow specification of TLS protocol to use for cqlsh

2015-07-07 Thread Jesse Szwedko (JIRA)

[ 
https://issues.apache.org/jira/browse/CASSANDRA-9544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14617194#comment-14617194
 ] 

Jesse Szwedko commented on CASSANDRA-9544:
--

Makes sense, thanks for reviewing!



[jira] [Commented] (CASSANDRA-9544) Allow specification of TLS protocol to use for cqlsh

2015-07-01 Thread Tyler Hobbs (JIRA)

[ 
https://issues.apache.org/jira/browse/CASSANDRA-9544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14610273#comment-14610273
 ] 

Tyler Hobbs commented on CASSANDRA-9544:


[~jszwedko] sorry, looks like this slipped through the cracks.  I should be 
able to take a look at your patch shortly.



[jira] [Commented] (CASSANDRA-9544) Allow specification of TLS protocol to use for cqlsh

2015-07-01 Thread Jesse Szwedko (JIRA)

[ 
https://issues.apache.org/jira/browse/CASSANDRA-9544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14610486#comment-14610486
 ] 

Jesse Szwedko commented on CASSANDRA-9544:
--

No worries! I just re-remembered it while changing the way we are installing 
our fork.



[jira] [Commented] (CASSANDRA-9544) Allow specification of TLS protocol to use for cqlsh

2015-07-01 Thread Jesse Szwedko (JIRA)

[ 
https://issues.apache.org/jira/browse/CASSANDRA-9544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14609642#comment-14609642
 ] 

Jesse Szwedko commented on CASSANDRA-9544:
--

Any word on if this might get merged in?



[jira] [Commented] (CASSANDRA-9544) Allow specification of TLS protocol to use for cqlsh

2015-06-03 Thread Jesse Szwedko (JIRA)

[ 
https://issues.apache.org/jira/browse/CASSANDRA-9544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14571814#comment-14571814
 ] 

Jesse Szwedko commented on CASSANDRA-9544:
--

This patch also changes the default to {{SSLv23}} which is the most flexible 
and likely to work with all server configurations.
