Skip to content

Enhance secure connection protocol#24436

Merged
tdcmeehan merged 1 commit intoprestodb:masterfrom
adkharat:use_tls_stronger_protocol
Jan 27, 2025
Merged

Enhance secure connection protocol#24436
tdcmeehan merged 1 commit intoprestodb:masterfrom
adkharat:use_tls_stronger_protocol

Conversation

@adkharat
Copy link
Contributor

@adkharat adkharat commented Jan 27, 2025

Description

CWE: Weak SSL/TLS protocols should not be used

SSLContext result = SSLContext.getInstance("TLS"); // Automatically selects the best supported version

Motivation and Context

Enhanced Security Protocol to TLS"SSL" uses older and insecure protocols such as SSLv2 and SSLv3, which are vulnerable to attacks like POODLE.
"TLSv1.2" make use of the more modern and secure TLS 1.2 protocol, which mitigates known vulnerabilities in earlier versions of SSL/TLS.

Impact

Backward Compatibility:
If the client does not support TLS 1.2 (e.g., very old systems or devices), the connection may fail.

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Cassandra Connector Changes
* Improve cryptographic protocol in response to `java:S4423 <https://sonarqube.ow2.org/coding_rules?open=java%3AS4423&rule_key=java%3AS4423>`_. :pr:`24436`


@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Jan 27, 2025
@adkharat adkharat changed the title Enhanced Security Protocol to TLS Enhanced secure connection protocol Jan 27, 2025
@adkharat adkharat changed the title Enhanced secure connection protocol Enhance secure connection protocol Jan 27, 2025
@adkharat adkharat force-pushed the use_tls_stronger_protocol branch from 262f5c0 to 18eb68e Compare January 27, 2025 07:36
@adkharat adkharat marked this pull request as ready for review January 27, 2025 10:07
@adkharat adkharat requested a review from a team as a code owner January 27, 2025 10:07
@adkharat adkharat requested a review from presto-oss January 27, 2025 10:07
@tdcmeehan tdcmeehan merged commit 85259c3 into prestodb:master Jan 27, 2025
53 checks passed
shangm2 pushed a commit to shangm2/presto that referenced this pull request Jan 30, 2025
jp-sivaprasad pushed a commit to jp-sivaprasad/presto that referenced this pull request Mar 10, 2025
@prestodb-ci prestodb-ci requested review from a team, ScrapCodes and imsayari404 and removed request for a team April 3, 2025 04:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants