cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cott Lang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-9544) Allow specification of TLS protocol to use for cqlsh
Date Fri, 12 Feb 2016 20:38:18 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-9544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15145252#comment-15145252
] 

Cott Lang commented on CASSANDRA-9544:
--------------------------------------

[~thobbs]  Despite the name, SSLv23 allows TLS 1.1 and TLS 1.2 to work, whereas TLSv1 does
not. This makes it more complicated to properly secure Cassandra with TLS 1.2.  SSLv23 seems
to be the 'normal' way of making a client SSL call. TLS 1.0+ should be enforced on the server
side.

The error text also seems to be incorrect - it's TLSv1_1 or TLSv1_2 rather than TLSv1.1 or
TLSv1.2.

Thanks.


> Allow specification of TLS protocol to use for cqlsh
> ----------------------------------------------------
>
>                 Key: CASSANDRA-9544
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9544
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Tools
>            Reporter: Jesse Szwedko
>            Assignee: Jesse Szwedko
>              Labels: cqlsh, docs-impacting, tls
>             Fix For: 2.1.9, 2.2.0
>
>
> Currently when using {{cqlsh}} with {{--ssl}} it tries to use TLS 1.0 to connect. I have
my server only serving TLS 1.2 which means that I cannot connect.
> It would be nice if {{cqlsh}} allowed the TLS protocol it uses to connect to be configured.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message