[ https://issues.apache.org/jira/browse/CASSANDRA-17365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518060#comment-17518060 ]
Stefan Miklosovic commented on CASSANDRA-17365: ----------------------------------------------- I am +1. [~brandon.williams] would you take a look, please? > Remove deprecated version specific TLS in CQLSH > ----------------------------------------------- > > Key: CASSANDRA-17365 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17365 > Project: Cassandra > Issue Type: Task > Components: CQL/Interpreter > Reporter: Brad Schoening > Assignee: Brad Schoening > Priority: Normal > Fix For: 4.x > > Attachments: signature.asc > > > According to [https://docs.python.org/3/library/ssl.html] use of explicit TLS > versions v1, v1_1 and v1_2 has been deprecated in Python 3.6+ in favor of > auto-negotiation of the highest protocol version that both the client and > server support. > * {{{}ssl.{}}}{{{}PROTOCOL_TLSv1{}}} > * {{{}ssl.{}}}{{{}PROTOCOL_TLSv1_1{}}} > * {{{}ssl.{}}}{{{}PROTOCOL_TLSv1_2{}}} > The above are deprecated since version 3.6: OpenSSL has deprecated all > version specific protocols. > This affects cqlshlib/sslhandling.py and cqlshlib/test/test_sslhandling.py. > And also config files test/config/ > {sslhandling.config, sslhandling_invalid.config} > > "NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL > 3.0, TLS 1.0, and TLS 1.1 not be used" > [https://media.defense.gov/2021/Jan/05/2002560140/-1/-1/0/ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF] > The DataStax driver has addressed this in 3.25 with this update: > Update security documentation and examples to use PROTOCOL_TLS (PYTHON-1264) > [https://datastax-oss.atlassian.net/browse/PYTHON-1264] > [https://github.com/datastax/python-driver/commit/8331eca6cc96d8bd3af2e37bc64693747515c2b6] > This change will also remove the unit test class test_sslhandling.py which > only tested version lookups and nothing else with ssl. -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org