Hi All, I’ve hit some trouble recently around restricting ciphers for clients on a test Cassandra 4.0.4 cluster; we’d like to be able to control the ciphers offered by Cassandra for both TLS 1.2 and 1.3. I was wondering if anyone has had any luck getting my particular use case to work.
I’ve added the following snippet to the cassandra.yaml file for all the nodes in my cluster:

    client_encryption_options:
      enabled: true
      keystore: /etc/cassandra/keystore.jks
      keystore_password: cassandra
      truststore: /etc/cassandra/truststore.jks
      truststore_password: redacted
      require_client_auth: false
      cipher_suites: [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384]
      accepted_protocols: [TLSv1.2, TLSv1.3]

The server correctly only offers two ciphers for TLS 1.2, but it offers 3 for TLS 1.3. If I remove the cipher suite list, the same TLS 1.3 list remains. These log lines are output at startup:

    INFO o.a.cassandra.security.SSLFactory Native transport enabled TLS protocols: TLSv1.2, TLSv1.3
    INFO o.a.cassandra.security.SSLFactory Native transport enabled cipher suites: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256

If I use testssl.sh (my preferred tester for this kind of stuff) to check the available ciphers per TLS version I get the following output:

    Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength

    Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits  Cipher Suite Name (IANA/RFC)
    -----------------------------------------------------------------------------------------------------
    SSLv2
    SSLv3
    TLS 1
    TLS 1.1
    TLS 1.2
    xc030    ECDHE-RSA-AES256-GCM-SHA384       ECDH 253   AESGCM      256   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    xc02f    ECDHE-RSA-AES128-GCM-SHA256       ECDH 253   AESGCM      128   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS 1.3
    x1302    TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256   TLS_AES_256_GCM_SHA384
    x1303    TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256   TLS_CHACHA20_POLY1305_SHA256
    x1301    TLS_AES_128_GCM_SHA256            ECDH 253   AESGCM      128   TLS_AES_128_GCM_SHA256

If I remove the references to TLSv1.2 and only use 1.3, I still can’t control the ciphers; the same three are always present for TLSv1.3, regardless of what value I provide for cipher_suites.

I am wondering if there is a bug in Cassandra (or more likely Netty) that prevents us from controlling TLS 1.3 ciphers? Or is this expected behaviour?

I apologise in advance if this question has previously been answered, but I cannot find anything in the archives or forums about this.

Thanks,
Jackson
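As an added example (not part of the post, and not Cassandra's or Netty's own code), the following script automates the check described above: it reads the cipher_suites allow-list from the cassandra.yaml fragment, reads the "Native transport enabled cipher suites" line from the startup log, splits the offered suites into TLS 1.2 and TLS 1.3 using the five suite names RFC 8446 defines for TLS 1.3, and reports any offered suite that is not in the allow-list. The yaml and log text embedded below are constructed to mirror the ones quoted in the post; in practice you would feed it your own cassandra.yaml and system.log.

```python
"""Audit the cipher suites a Cassandra node actually offers against the
allow-list configured in cassandra.yaml, separated by TLS version.

Constructed inputs below mirror the post's configuration and log lines;
this is an added example, not Cassandra's own code.
"""
import re

# RFC 8446 (TLS 1.3) defines exactly these five cipher suites.  Any other
# IANA suite name (e.g. TLS_ECDHE_RSA_WITH_...) belongs to TLS 1.2 or older.
TLS13_SUITES = frozenset({
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
})

# Matches the SSLFactory startup line quoted in the post.
LOG_RE = re.compile(r"Native transport enabled cipher suites:\s*(.+?)\s*$")

# Matches the flow-style list form used in the post: cipher_suites: [A, B, C]
YAML_RE = re.compile(r"cipher_suites:\s*\[([^\]]*)\]")


def _split_list(text):
    """Split a comma-separated suite list into clean names."""
    return [s.strip() for s in text.split(",") if s.strip()]


def parse_logged_suites(log_text):
    """Return the suites Cassandra logged as enabled, in log order."""
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            return _split_list(m.group(1))
    return []


def parse_configured_suites(yaml_text):
    """Return the cipher_suites allow-list from a cassandra.yaml fragment."""
    m = YAML_RE.search(yaml_text)
    return _split_list(m.group(1)) if m else []


def split_by_version(suites):
    """Group suite names by the TLS version they belong to."""
    return {
        "TLSv1.3": sorted(s for s in suites if s in TLS13_SUITES),
        "TLSv1.2": sorted(s for s in suites if s not in TLS13_SUITES),
    }


def audit(configured, offered):
    """Per TLS version, list offered suites that are NOT in the allow-list.

    An empty list for a version means the node honours the configuration
    for that version; a non-empty list is the symptom the post describes.
    """
    allowed = set(configured)
    return {
        version: [s for s in suites if s not in allowed]
        for version, suites in split_by_version(offered).items()
    }


# --- constructed inputs, mirroring the post -------------------------------
CONSTRUCTED_YAML = """\
client_encryption_options:
  enabled: true
  cipher_suites: [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384]
  accepted_protocols: [TLSv1.2, TLSv1.3]
"""

CONSTRUCTED_LOG = """\
INFO o.a.cassandra.security.SSLFactory Native transport enabled TLS protocols: TLSv1.2, TLSv1.3
INFO o.a.cassandra.security.SSLFactory Native transport enabled cipher suites: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256
"""


def run_constructed_audit():
    """Convenience wrapper: audit the constructed yaml against the constructed log."""
    configured = parse_configured_suites(CONSTRUCTED_YAML)
    offered = parse_logged_suites(CONSTRUCTED_LOG)
    return audit(configured, offered)


if __name__ == "__main__":
    for version, extras in run_constructed_audit().items():
        status = "OK" if not extras else "NOT IN ALLOW-LIST: " + ", ".join(extras)
        print(f"{version}: {status}")
```

Run against the constructed inputs it reports TLSv1.2 as clean and flags TLS_AES_128_GCM_SHA256 and TLS_CHACHA20_POLY1305_SHA256 under TLSv1.3, which is exactly the discrepancy the post observes. Because the classification is by suite name rather than by the version Cassandra logs, the same function works on a cluster with only TLSv1.3 in accepted_protocols.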