Details
Enhancement
Resolution: Done
Major
1.5.0.Beta1
Description
Hello,
For the moment, when we want to configure TLS connections with Cassandra, we are limited to the default ciphers supported by Netty.
Here is an extract of the startup log:
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1615387530 bytes = { 98, 186, 19, 160, 108, 83, 50, 58, 65, 217, 199, 250, 59, 195, 11, 137, 153, 189, 1, 118, 115, 190, 194, 32, 243, 141, 173, 220 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension renegotiation_info, renegotiated_connection: <empty>
***
If for any reason, which is my case of course, you did not configure or use one of them, you can't enable TLS connections with Cassandra.
It would be nice to have at least, for example:
- cassandra.ssl.enabledProtocols
- cassandra.ssl.ciphersuites
Can you improve this?
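
A sketch of how the two requested settings could be applied, added here as an illustration and not taken from the connector's code. It uses plain JSSE (javax.net.ssl) rather than Netty's builder; the property names are the ones proposed in this issue, and the class name, helper names and sample values are assumptions.

```java
import java.util.*;
import javax.net.ssl.*;

public class CassandraTlsSettings {
    // Property names as proposed in this issue (assumed, not confirmed project config keys).
    static final String PROTOCOLS = "cassandra.ssl.enabledProtocols";
    static final String CIPHERS = "cassandra.ssl.ciphersuites";

    // Split a comma-separated property value; an empty result means "keep the defaults".
    static List<String> parse(String value) {
        List<String> out = new ArrayList<>();
        if (value == null) return out;
        for (String s : value.split(",")) {
            if (!s.trim().isEmpty()) out.add(s.trim());
        }
        return out;
    }

    // Reject names the local provider cannot offer, so a typo fails at startup, not mid-handshake.
    static String[] checked(List<String> wanted, String[] supported, String key) {
        List<String> unknown = new ArrayList<>(wanted);
        unknown.removeAll(Arrays.asList(supported));
        if (!unknown.isEmpty()) {
            throw new IllegalArgumentException(key + ": unsupported " + unknown);
        }
        return wanted.toArray(new String[0]);
    }

    static SSLEngine configure(SSLContext ctx, Properties props) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        List<String> protocols = parse(props.getProperty(PROTOCOLS));
        List<String> ciphers = parse(props.getProperty(CIPHERS));
        if (!protocols.isEmpty()) {
            engine.setEnabledProtocols(checked(protocols, engine.getSupportedProtocols(), PROTOCOLS));
        }
        if (!ciphers.isEmpty()) {
            engine.setEnabledCipherSuites(checked(ciphers, engine.getSupportedCipherSuites(), CIPHERS));
        }
        return engine;
    }

    public static void main(String[] args) throws Exception {
        Properties props = new Properties(); // constructed sample values
        props.setProperty(PROTOCOLS, "TLSv1.2");
        props.setProperty(CIPHERS, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        SSLEngine engine = configure(SSLContext.getDefault(), props);
        System.out.println(Arrays.toString(engine.getEnabledProtocols())
                + " " + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

Leaving both properties unset keeps the provider defaults, which matches the behaviour described in the report.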