24 lines
1.2 KiB
ReStructuredText
24 lines
1.2 KiB
ReStructuredText
====================
|
|
Invalid SSL Protocol
|
|
====================
|
|
|
|
Trying to connect cqlsh with ScyllaDB 3.x results in **TLSv1.2 is not a valid SSL protocol** error.
|
|
Recent ScyllaDB versions did not allow the use of the TLSv1 protocol and yet cqlsh seems to use it by default.
|
|
The solution is to upgrade to a more recent version of ScyllaDB which contains the patch to fix the issue.
|
|
If this is not an option, change the cqlshrc file to contain the following:
|
|
|
|
.. code-block:: yaml
|
|
|
|
[ssl]
|
|
certfile=<path to cert file>
|
|
version=TLSv1_2
|
|
|
|
Alternatively, you can set the SSL_VERSION environment variable in the Linux shell. The proper way to do that is via the ``export`` command. If you prefer, you can apply the environment variable to a single run of cqlsh only, using SSL_VERSION=TLSv1_2 cqlsh [args]
|
|
|
|
See Also
|
|
--------
|
|
* :doc:`Encryption: Data in Transit Node to Node </operating-scylla/security/node-node-encryption>`
|
|
* :doc:`Encryption Data in Transit Client to Node </operating-scylla/security/client-node-encryption/>`
|
|
* :doc:`Generating a self-signed Certificate Chain Using openssl </operating-scylla/security/generate-certificate/>`
|
|
* :doc:`Authorization</operating-scylla/security/authorization/>`
|