[
https://issues.apache.org/jira/browse/CASSANDRA-21007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18044015#comment-18044015
]
Brad Schoening commented on CASSANDRA-21007:
--------------------------------------------
[~rishabhsaraswat] that's the correct output, but it's showing CQLSH connected
with TLS 1.3. Wanted to see cassandra-stress connected with TLS 1.3. Just run
cassandra-stress with your fix, use a large value for 'n' and in a separate
window run *nodetool clientstats --client-options.*
> cassandra-stress defaults to deprecated TLS 1.2 cipher suite
> ------------------------------------------------------------
>
> Key: CASSANDRA-21007
> URL: https://issues.apache.org/jira/browse/CASSANDRA-21007
> Project: Apache Cassandra
> Issue Type: Improvement
> Components: Tool/stress
> Reporter: Brad Schoening
> Assignee: Rishabh Saraswat
> Priority: Normal
> Attachments: image-2025-12-02-23-04-21-498.png,
> image-2025-12-02-23-07-48-851.png, image-2025-12-02-23-08-30-782.png,
> image-2025-12-09-19-57-39-314.png, image-2025-12-09-20-11-06-834.png,
> image-2025-12-09-22-17-07-020.png
>
>
> From what I understand, this cipher, used as the default in
> {*}cassandra-stress{*}, is not compatible with TLS 1.3's handshake mechanism
> as it lacks Perfect Forward Security (PFS).
> {code:java}
> final OptionSimple ciphers = new OptionSimple("ssl-ciphers=", ".*",
> "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA", "SSL: comma
> delimited list of encryption suites to use", false);
> {code}
> [stress/settings/SettingsTransport.java|https://github.com/apache/cassandra/blob/cassandra-4.1/tools/stress/src/org/apache/cassandra/stress/settings/SettingsTransport.java#L80]
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
