[ https://issues.apache.org/jira/browse/CASSANDRA-16695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17361960#comment-17361960 ]
Brandon Williams edited comment on CASSANDRA-16695 at 6/11/21, 6:44 PM: ------------------------------------------------------------------------ This LGTM too, +1. was (Author: brandon.williams): This LGTM too, and I also would prefer tests. > cqlsh should prefer newer TLS version by default > ------------------------------------------------ > > Key: CASSANDRA-16695 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16695 > Project: Cassandra > Issue Type: Improvement > Components: Tool/cqlsh > Reporter: Justin Chu > Assignee: Ekaterina Dimitrova > Priority: Normal > Labels: cqlsh > Fix For: 4.0, 2.2.x, 3.0.x, 3.11.x, 4.0-rc, 4.x > > > Some new JDK releases started to disable TLSv1.0 and TLSv1.1. > [https://www.oracle.com/java/technologies/javase/8u291-relnotes.html] > > However, the code in: > [https://github.com/apache/cassandra/blob/trunk/pylib/cqlshlib/sslhandling.py#L56-L65] > is defaulting to those rather old versions, > which could lead to the following problem: > {code:java} > ('Unable to connect to any servers', {'10.101.34.89:9042': error(1, u"Tried > connecting to [('10.101.34.89', 9042)]. Last error: [SSL: > WRONG_VERSION_NUMBER] wrong version number (_ssl.c:618)")}) {code} > > Python2 default TLS protocol > [https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLS] > Python3 default TLS protocol > [https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS] > > -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org