You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Ekaterina Dimitrova (Jira)" <ji...@apache.org> on 2021/05/27 17:19:00 UTC

[jira] [Commented] (CASSANDRA-16695) cqlsh should prefer newer TLS version by default

    [ https://issues.apache.org/jira/browse/CASSANDRA-16695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17352637#comment-17352637 ] 

Ekaterina Dimitrova commented on CASSANDRA-16695:
-------------------------------------------------

[Patch|https://github.com/ekaterinadimitrova2/cassandra/commit/d28b29b7275aa31ebdf46fe5f6e7a4ba1a023b8d] | [CI 2.2 |https://ci-cassandra.apache.org/job/Cassandra-devbranch/810/] | [CI 3.0|https://ci-cassandra.apache.org/job/Cassandra-devbranch/811/] | [CI 3.11|https://ci-cassandra.apache.org/job/Cassandra-devbranch/812/] | [CI 4.0|https://ci-cassandra.apache.org/job/Cassandra-devbranch/813/] | [CI trunk|https://ci-cassandra.apache.org/job/Cassandra-devbranch/814/]

I want to see the completion of the CI runs before officially putting the patch in being ready for review

> cqlsh should prefer newer TLS version by default
> ------------------------------------------------
>
>                 Key: CASSANDRA-16695
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16695
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tool/cqlsh
>            Reporter: Justin Chu
>            Assignee: Ekaterina Dimitrova
>            Priority: Normal
>              Labels: cqlsh
>             Fix For: 4.0, 2.2.x, 3.0.x, 3.11.x, 4.0-rc, 4.x
>
>
> Some new JDK releases started to disable TLSv1.0 and TLSv1.1.
> [https://www.oracle.com/java/technologies/javase/8u291-relnotes.html]
>  
> However, the code in:
> [https://github.com/apache/cassandra/blob/trunk/pylib/cqlshlib/sslhandling.py#L56-L65]
> is defaulting to those rather old versions,
> which could lead to the following problem:
> {code:java}
> ('Unable to connect to any servers', {'10.101.34.89:9042': error(1, u"Tried connecting to [('10.101.34.89', 9042)]. Last error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:618)")}) {code}
>  
> Python2 default TLS protocol
> [https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLS]
> Python3 default TLS protocol
> [https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS]
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org