Enhance secure connection protocol #24436

Merged
merged 1 commit into from
Jan 27, 2025

Conversation

adkharat
Contributor

@adkharat adkharat commented Jan 27, 2025

Description

CWE: Weak SSL/TLS protocols should not be used

SSLContext result = SSLContext.getInstance("TLS"); // Automatically selects the best supported version

Motivation and Context

Enhanced Security Protocol to TLS. "SSL" uses older and insecure protocols such as SSLv2 and SSLv3, which are vulnerable to attacks like POODLE.
"TLSv1.2" makes use of the more modern and secure TLS 1.2 protocol, which mitigates known vulnerabilities in earlier versions of SSL/TLS.

Impact

Backward Compatibility:
If the client does not support TLS 1.2 (e.g., very old systems or devices), the connection may fail.

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Cassandra Connector Changes
* Improve cryptographic protocol in response to `java:S4423 <https://sonarqube.ow2.org/coding_rules?open=java%3AS4423&rule_key=java%3AS4423>`_. :pr:`24436`


@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Jan 27, 2025
@adkharat adkharat changed the title Enhanced Security Protocol to TLS Enhanced secure connection protocol Jan 27, 2025
@adkharat adkharat changed the title Enhanced secure connection protocol Enhance secure connection protocol Jan 27, 2025
@adkharat adkharat force-pushed the use_tls_stronger_protocol branch from 262f5c0 to 18eb68e Compare January 27, 2025 07:36
@adkharat adkharat marked this pull request as ready for review January 27, 2025 10:07
@adkharat adkharat requested a review from a team as a code owner January 27, 2025 10:07
@adkharat adkharat requested a review from presto-oss January 27, 2025 10:07
@tdcmeehan tdcmeehan merged commit 85259c3 into prestodb:master Jan 27, 2025
53 checks passed
shangm2 pushed a commit to shangm2/presto that referenced this pull request Jan 30, 2025
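
Added example, not code from this pull request or from the Presto code base: with `SSLContext.getInstance("TLS")`, the protocol versions a connection can negotiate are the ones enabled on the engine or socket, which depend on the JDK and its `jdk.tls.disabledAlgorithms` security property. The class below (`TlsProtocolCheck` and its method names are hypothetical) prints what the running JVM enables by default and pins an engine to TLS 1.2 and 1.3 explicitly.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example; TlsProtocolCheck and its methods are hypothetical names.
public class TlsProtocolCheck {
    // Versions this example allows, in order of preference.
    private static final List<String> ALLOWED = Arrays.asList("TLSv1.3", "TLSv1.2");

    static SSLContext newContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        // nulls select the default key managers, trust managers and SecureRandom
        ctx.init(null, null, null);
        return ctx;
    }

    // Intersect the allow-list with what this JVM supports; fail closed if empty.
    static String[] pinnedProtocols(SSLContext ctx) {
        List<String> supported = Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        List<String> pinned = new ArrayList<>();
        for (String p : ALLOWED) {
            if (supported.contains(p)) {
                pinned.add(p);
            }
        }
        if (pinned.isEmpty()) {
            throw new IllegalStateException("JVM supports none of " + ALLOWED);
        }
        return pinned.toArray(new String[0]);
    }

    // Build an engine whose enabled protocols are only the pinned versions.
    static SSLEngine pinnedEngine(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(pinnedProtocols(ctx));
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = newContext();
        System.out.println("Enabled by default: "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        System.out.println("Enabled after pinning: "
                + Arrays.toString(pinnedEngine(ctx).getEnabledProtocols()));
    }
}
```

Running it on the JVM that hosts the connector shows whether older versions such as TLSv1 or TLSv1.1 are still in the default enabled list, which is the case on JDK builds that predate their addition to `jdk.tls.disabledAlgorithms`.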