Skip to content

Enhance secure connection protocol#24436

Merged
tdcmeehan merged 1 commit intoprestodb:masterfrom
adkharat:use_tls_stronger_protocol
Jan 27, 2025
Merged

Enhance secure connection protocol#24436
tdcmeehan merged 1 commit intoprestodb:masterfrom
adkharat:use_tls_stronger_protocol

Conversation

@adkharat
Copy link
Contributor

@adkharat adkharat commented Jan 27, 2025
edited by tdcmeehan
Loading

Description

CWE: Weak SSL/TLS protocols should not be used

SSLContext result = SSLContext.getInstance("TLS"); // Automatically selects the best supported version

Motivation and Context

Enhanced Security Protocol to TLS"SSL" uses older and insecure protocols such as SSLv2 and SSLv3, which are vulnerable to attacks like POODLE.
"TLSv1.2" make use of the more modern and secure TLS 1.2 protocol, which mitigates known vulnerabilities in earlier versions of SSL/TLS.

Impact

Backward Compatibility:
If the client does not support TLS 1.2 (e.g., very old systems or devices), the connection may fail.

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Cassandra Connector Changes
* Improve cryptographic protocol in response to `java:S4423 <https://sonarqube.ow2.org/coding_rules?open=java%3AS4423&rule_key=java%3AS4423>`_. :pr:`24436`

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Jan 27, 2025
@adkharat adkharat changed the title Enhanced Security Protocol to TLS Enhanced secure connection protocol Jan 27, 2025
@adkharat adkharat changed the title Enhanced secure connection protocol Enhance secure connection protocol Jan 27, 2025
@adkharat adkharat force-pushed the use_tls_stronger_protocol branch from 262f5c0 to 18eb68e Compare January 27, 2025 07:36
@adkharat adkharat marked this pull request as ready for review January 27, 2025 10:07
@adkharat adkharat requested a review from a team as a code owner January 27, 2025 10:07
@adkharat adkharat requested a review from presto-oss January 27, 2025 10:07
@tdcmeehan tdcmeehan merged commit 85259c3 into prestodb:master Jan 27, 2025
53 checks passed
This was referenced Jan 28, 2025
Merged
Closed
shangm2 pushed a commit to shangm2/presto that referenced this pull request Jan 30, 2025
@adkharat @shangm2
Enhanced Security Protocol to TLS (prestodb#24436)
a0fc929
@ShahimSharafudeen ShahimSharafudeen mentioned this pull request Feb 3, 2025
Merged
6 tasks
This was referenced Mar 7, 2025
Closed
Closed
jp-sivaprasad pushed a commit to jp-sivaprasad/presto that referenced this pull request Mar 10, 2025
@adkharat @jp-sivaprasad
Enhanced Security Protocol to TLS (prestodb#24436)
7e66854
@prestodb-ci prestodb-ci requested review from a team, ScrapCodes and imsayari404 and removed request for a team April 3, 2025 04:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tdcmeehan tdcmeehan tdcmeehan approved these changes

@presto-oss presto-oss Awaiting requested review from presto-oss presto-oss is a code owner automatically assigned from prestodb/committers

@ScrapCodes ScrapCodes Awaiting requested review from ScrapCodes ScrapCodes was automatically assigned from prestodb/ibm-reviewers

@imsayari404 imsayari404 Awaiting requested review from imsayari404 imsayari404 was automatically assigned from prestodb/ibm-reviewers

Assignees

No one assigned

Labels

from:IBM PR from IBM Security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@adkharat @tdcmeehan @ethanyzhang @prestodb-ci