[
https://issues.apache.org/jira/browse/CASSANDRA-21007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18042260#comment-18042260
]
Rishabh Saraswat commented on CASSANDRA-21007:
----------------------------------------------
Also verified the TLS handshake with {{openssl s_client}} to confirm TLS 1.3
negotiation.
!image-2025-12-02-23-07-48-851.png!
> cassandra-stress defaults to deprecated TLS 1.2 cipher suite
> ------------------------------------------------------------
>
> Key: CASSANDRA-21007
> URL: https://issues.apache.org/jira/browse/CASSANDRA-21007
> Project: Apache Cassandra
> Issue Type: Improvement
> Components: Tool/stress
> Reporter: Brad Schoening
> Assignee: Rishabh Saraswat
> Priority: Normal
> Attachments: image-2025-12-02-23-04-21-498.png,
> image-2025-12-02-23-07-48-851.png
>
>
> From what I understand, this cipher, used as the default in
> {*}cassandra-stress{*}, is not compatible with TLS 1.3's handshake mechanism
> as it lacks Perfect Forward Security (PFS).
> {code:java}
> final OptionSimple ciphers = new OptionSimple("ssl-ciphers=", ".*",
> "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA", "SSL: comma
> delimited list of encryption suites to use", false);
> {code}
> [stress/settings/SettingsTransport.java|https://github.com/apache/cassandra/blob/cassandra-4.1/tools/stress/src/org/apache/cassandra/stress/settings/SettingsTransport.java#L80]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
