[ 
https://issues.apache.org/jira/browse/CASSANDRA-17365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17517498#comment-17517498
 ] 

Brad Schoening commented on CASSANDRA-17365:
--------------------------------------------

[~smiklosovic] what documentation needs updating?  I wasn't able to find it 
in either of the README.asc files.

> Remove deprecated version specific TLS in CQLSH
> -----------------------------------------------
>
>                 Key: CASSANDRA-17365
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17365
>             Project: Cassandra
>          Issue Type: Task
>          Components: CQL/Interpreter
>            Reporter: Brad Schoening
>            Assignee: Brad Schoening
>            Priority: Normal
>             Fix For: 4.x
>
>
> According to [https://docs.python.org/3/library/ssl.html] use of explicit TLS 
> versions v1, v1_1 and v1_2 has been deprecated in Python 3.6+ in favor of 
> auto-negotiation of the highest protocol version that both the client and 
> server support.
>  * ssl.PROTOCOL_TLSv1
>  * ssl.PROTOCOL_TLSv1_1
>  * ssl.PROTOCOL_TLSv1_2
> The above are deprecated since version 3.6: OpenSSL has deprecated all 
> version specific protocols.
> This affects cqlshlib/sslhandling.py and cqlshlib/test/test_sslhandling.py. 
> And also config files test/config/{sslhandling.config, sslhandling_invalid.config}
>  
> "NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL 
> 3.0, TLS 1.0, and TLS 1.1 not be used"
> [https://media.defense.gov/2021/Jan/05/2002560140/-1/-1/0/ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF]
> The DataStax driver has addressed this in 3.25 with this update:
> Update security documentation and examples to use PROTOCOL_TLS (PYTHON-1264)
> [https://datastax-oss.atlassian.net/browse/PYTHON-1264]
> [https://github.com/datastax/python-driver/commit/8331eca6cc96d8bd3af2e37bc64693747515c2b6]
> This change will also remove the unit test class test_sslhandling.py which 
> only tested version lookups and nothing else with ssl.
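
An added example, not code from cqlsh or the DataStax driver: one way to build a client context that auto-negotiates the protocol version, with the TLS 1.2 floor from the NSA recommendation quoted in the description. It uses ssl.PROTOCOL_TLS_CLIENT, the client-side successor to PROTOCOL_TLS; build_client_context, negotiable_versions and the legacy_version setting are hypothetical names.

```python
import ssl
import warnings

# The version-specific names the issue lists as deprecated.
LEGACY_PINS = {"TLSv1", "TLSv1_1", "TLSv1_2"}
_ORDERED = ("TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3")


def build_client_context(legacy_version=None, cafile=None):
    """Return a verifying client context that negotiates TLS 1.2 or newer.

    legacy_version is a hypothetical config value; it is reported, never used
    to pick a protocol constant.
    """
    if legacy_version is not None:
        kind = "deprecated" if legacy_version in LEGACY_PINS else "unknown"
        warnings.warn(
            f"ignoring {kind} TLS version setting {legacy_version!r}; "
            "negotiating the highest mutually supported version",
            DeprecationWarning, stacklevel=2)
    # PROTOCOL_TLS_CLIENT negotiates the version and turns on certificate
    # and hostname verification by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # floor: no TLS 1.0 / 1.1
    if cafile:
        ctx.load_verify_locations(cafile)
    else:
        ctx.load_default_certs()
    return ctx


def negotiable_versions(ctx):
    """List the TLS versions this context can offer on this OpenSSL build."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    out = []
    for name in _ORDERED:
        v = ssl.TLSVersion[name]
        above_floor = lo == ssl.TLSVersion.MINIMUM_SUPPORTED or v >= lo
        below_cap = hi == ssl.TLSVersion.MAXIMUM_SUPPORTED or v <= hi
        if above_floor and below_cap and getattr(ssl, "HAS_" + name, False):
            out.append(name)
    return out


if __name__ == "__main__":
    print(negotiable_versions(build_client_context(legacy_version="TLSv1")))
```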


