I did take a look into the source code of 3.11, but I believe the code is more
or less the same.
The SSL code makes use of Java SSL Sockets so you can limit the protocols in
the "Java way".
The java way (at least for a recent Java 8) is to setup the protocols in the
Or to define a system property on the command line (-Dhttps.protocols =
There are multiple options for SSL configuration in the config
The most interesting one in your situation would be the cipher_suites option,
which allows you
to limit the avaliable cipher suites e.g. to
(which is a TLS1.2-only cipher suite).
You can check the offered protocols for your server with an open source tool
like sslyze (https://github.com/nabla-c0d3/sslyze)
Von: "Lou DeGenaro" <lou.degen...@gmail.com>
An: "user" <email@example.com>
Gesendet: Dienstag, 24. April 2018 11:21:06
Betreff: Re: How to configure Cassandra to NOT use SSLv2?
Can someone please can tell me how to prevent Cassandra 3.0.9 from using SSLv2?
Happy to use a newer version of Cassandra if that's what's required.
On Sat, Apr 21, 2018 at 8:30 AM, Lou DeGenaro < [ mailto:lou.degen...@gmail.com
| lou.degen...@gmail.com ] > wrote:
On Fri, Apr 20, 2018 at 10:26 PM, Michael Shuler < [
mailto:mich...@pbandjelly.org | mich...@pbandjelly.org ] > wrote:
On 04/20/2018 08:46 AM, Lou DeGenaro wrote:
> Could you be more specific? What does one specify exactly to assure
> SSLv2 is not used for both client-server and server-server
> communications? Example yaml statements would be wonderful.
The defaults in cassandra.yaml have only TLS specified in the current
branch HEADs. I'm pretty sure SSLv2/3 removal was a post-POODLE commit.
It's possible you may be on something older - what version are we
To unsubscribe, e-mail: [ mailto:user-unsubscr...@cassandra.apache.org |
For additional commands, e-mail: [ mailto:user-h...@cassandra.apache.org |