Unable to connect to Cassandra 4.0.7 using cqlsh when Cassandra is enabled for TLSv1.3. The DataStax driver version is driver-3.25.0.
./cqlsh --debug --ssl --cqlshrc /apache-cassandra/conf/cqlshrc <IP_ADDRESS> 9042
Using CQL driver: <module 'cassandra' from '/apache-cassandra/bin/../lib/cassandra-driver-internal-only-3.25.0.zip/cassandra-driver-3.25.0/cassandra/__init__.py'>
Using connect timeout: 5 seconds
Using 'utf-8' encoding
Using ssl: True
TLSv1_3 is not a valid SSL protocol, please use one of TLS, TLSv1_2, TLSv1_1, or TLSv1
Please note that all Cassandra nodes are up and running. Also, the application is running fine.
It looks like the version of cqlsh included with Cassandra 4.0.7 (cqlsh 6.0.0) does not support TLS 1.3. This is explicitly visible in the pylib/cqlshlib/sslhandling.py file in the get_best_tls_protocol method:
One approach here would be to set the version property in the [SSL] section of the cqlshrc file to "TLS":
But the better way is to just not set it. Either of these approaches will cause it to connect while negotiating the highest possible TLS version.
I recommend the latter, as the latest cqlsh version (6.1.0) included with Cassandra 4.1 displays a warning whenever that property is set, disregards its value, and auto-negotiates the TLS version.
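The behaviour described in the answer above can be checked against a cqlshrc before connecting. This is an added example, not code from cqlsh or from the original post: the function names and the sample cqlshrc fragments are constructed, and the list of accepted names is copied from the error message in the question.

```python
import configparser
import ssl

# Names cqlsh 6.0.0 accepts, taken from the error message in the question.
ACCEPTED = ("TLS", "TLSv1_2", "TLSv1_1", "TLSv1")

# Constructed cqlshrc fragments (sample input, not from the original post).
SAMPLES = {
    "pinned_1_3": "[ssl]\nversion = TLSv1_3\n",
    "pinned_1_2": "[ssl]\nversion = TLSv1_2\n",
    "generic": "[ssl]\nversion = TLS\n",
    "unset": "[ssl]\nvalidate = true\n",
}


def read_version(cqlshrc_text):
    """Return the version value of the ssl section, or None when it is unset."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cqlshrc_text)
    for section in cfg.sections():
        if section.lower() == "ssl":  # assumption: match [ssl] and [SSL] alike
            return cfg.get(section, "version", fallback=None)
    return None


def classify(cqlshrc_text):
    """Classify the setting as 'negotiate', 'pinned' or 'rejected'."""
    name = read_version(cqlshrc_text)
    if name is None or name == "TLS":
        return "negotiate"  # client and server settle on the highest shared version
    if name in ACCEPTED:
        return "pinned"     # fixed to one legacy version, so TLS 1.3 is excluded
    return "rejected"       # e.g. TLSv1_3: cqlsh 6.0.0 reports an invalid protocol


def tls13_reachable(cqlshrc_text):
    """True when this setting allows a TLS 1.3 handshake on this Python build."""
    return classify(cqlshrc_text) == "negotiate" and ssl.HAS_TLSv1_3


if __name__ == "__main__":
    # Python's ssl module has no per-version protocol constant for TLS 1.3.
    print("ssl.PROTOCOL_TLSv1_3 exists:", hasattr(ssl, "PROTOCOL_TLSv1_3"))
    for label, text in SAMPLES.items():
        print(label, classify(text), tls13_reachable(text))
```

A "pinned" result is worth flagging in a configuration review, since it holds the client to one legacy protocol version even when the server offers TLS 1.3.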