- Enhancement
- Resolution: Done
- Major
- 1.5.0.Beta1
Hello,
For the moment, when we want to configure TLS connections with Cassandra, we are limited to the default ciphers supported by Netty.
Here is an extract of the starting log:
```
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1615387530 bytes = { 98, 186, 19, 160, 108, 83, 50, 58, 65, 217, 199, 250, 59, 195, 11, 137, 153, 189, 1, 118, 115, 190, 194, 32, 243, 141, 173, 220 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension renegotiation_info, renegotiated_connection: <empty>
***
```
If for any reason, which is my case of course, you did not configure or use one of them, you can't enable TLS connections with Cassandra.
It would be nice to have at least, for example:
- cassandra.ssl.enabledProtocols
- cassandra.ssl.ciphersuites
Can you improve this?
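
An added example, not part of the issue and not the project's code: one way the two requested settings could be applied to a client-side TLS engine. It uses the standard JSSE `SSLEngine` API rather than Netty's own builder, and the property names are the ones proposed above, treated here as hypothetical; the class name and sample values are constructed.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.*;

public class CassandraTlsSettings {

    // Split a comma-separated value and keep only the entries this JVM supports.
    // Fails closed: if nothing usable remains, do not fall back to the defaults.
    static String[] select(String property, String csv, String[] supported) {
        Set<String> known = new HashSet<>(Arrays.asList(supported));
        List<String> kept = new ArrayList<>();
        for (String item : csv.split(",")) {
            String name = item.trim();
            if (name.isEmpty()) continue;
            if (known.contains(name)) kept.add(name);
            else System.err.println(property + ": unsupported, skipped: " + name);
        }
        if (kept.isEmpty())
            throw new IllegalArgumentException(property + " selects nothing this JVM supports");
        return kept.toArray(new String[0]);
    }

    // Apply both settings to a client-mode engine; a null value keeps the default.
    static SSLEngine configure(SSLContext ctx, String protocols, String ciphers) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        if (protocols != null)
            params.setProtocols(select("cassandra.ssl.enabledProtocols",
                    protocols, engine.getSupportedProtocols()));
        if (ciphers != null)
            params.setCipherSuites(select("cassandra.ssl.ciphersuites",
                    ciphers, engine.getSupportedCipherSuites()));
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical property names with constructed fallback values.
        SSLEngine engine = configure(SSLContext.getDefault(),
                System.getProperty("cassandra.ssl.enabledProtocols", "TLSv1.2"),
                System.getProperty("cassandra.ssl.ciphersuites",
                        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));
        System.out.println("Protocols: " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("Ciphers:   " + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

Running the JVM with `-Djavax.net.debug=ssl` shows whether the resulting ClientHello offers only the selected suites.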