diff --git a/.build/cassandra-deps-template.xml b/.build/cassandra-deps-template.xml
index 85e6609b698c..19ccac30bed7 100644
--- a/.build/cassandra-deps-template.xml
+++ b/.build/cassandra-deps-template.xml
@@ -170,6 +170,10 @@
com.github.jbellis
jamm
+
+ org.bouncycastle
+ bcpkix-jdk15on
+
io.netty
netty-bom
@@ -179,6 +183,15 @@
io.netty
netty-all
+
+ io.netty
+ netty-transport-native-epoll
+
+
+ io.netty
+ netty-transport-native-epoll
+ linux-x86_64
+
diff --git a/.build/parent-pom-template.xml b/.build/parent-pom-template.xml
index b675cc153f4a..726483855930 100644
--- a/.build/parent-pom-template.xml
+++ b/.build/parent-pom-template.xml
@@ -340,6 +340,12 @@
com.google.jimfs
jimfs
1.1
+
+
+ com.google.guava
+ guava
+
+
org.hdrhistogram
@@ -719,19 +725,35 @@
io.netty
netty-bom
- 4.1.58.Final
+ 4.1.96.Final
pom
provided
io.netty
netty-all
- 4.1.58.Final
+ 4.1.96.Final
io.netty
netty-tcnative-boringssl-static
- 2.0.36.Final
+ 2.0.61.Final
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+ 1.70
+
+
+ io.netty
+ netty-transport-native-epoll
+ 4.1.94.Final
+
+
+ io.netty
+ netty-transport-native-epoll
+ 4.1.94.Final
+ linux-x86_64
diff --git a/CHANGES.txt b/CHANGES.txt
index 4f1749eb2519..921ad41f4d92 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
5.0
+ * Upgraded Netty to 4.1.96, added BouncyCastle dependency (CASSANDRA-17992)
* Fix for (unsupported) big endian unaligned architecture, eg s390x (CASSANDRA-17723)
* CIDR filtering authorizer (CASSANDRA-18592)
* Remove 3.x from the versions checked for prepared statement behaviour (CASSANDRA-18695)
diff --git a/build.xml b/build.xml
index fb2ac1454055..7c7efc0a5de1 100644
--- a/build.xml
+++ b/build.xml
@@ -1145,6 +1145,8 @@
+
+
diff --git a/conf/jvm11-server.options b/conf/jvm11-server.options
index 5fd1f26bad17..3a7278b69f34 100644
--- a/conf/jvm11-server.options
+++ b/conf/jvm11-server.options
@@ -112,4 +112,8 @@
# inferior performance and risks exceeding MaxDirectMemory
-Dio.netty.tryReflectionSetAccessible=true
+# Revert changes in defaults introduced in https://netty.io/news/2022/03/10/4-1-75-Final.html
+-Dio.netty.allocator.useCacheForAllThreads=true
+-Dio.netty.allocator.maxOrder=11
+
# The newline in the end of file is intentional
diff --git a/conf/jvm17-server.options b/conf/jvm17-server.options
index f0e7810eb111..53cc13c86b76 100644
--- a/conf/jvm17-server.options
+++ b/conf/jvm17-server.options
@@ -130,4 +130,8 @@
# inferior performance and risks exceeding MaxDirectMemory
-Dio.netty.tryReflectionSetAccessible=true
+# Revert changes in defaults introduced in https://netty.io/news/2022/03/10/4-1-75-Final.html
+-Dio.netty.allocator.useCacheForAllThreads=true
+-Dio.netty.allocator.maxOrder=11
+
# The newline in the end of file is intentional
diff --git a/test/distributed/org/apache/cassandra/distributed/test/InternodeEncryptionOptionsTest.java b/test/distributed/org/apache/cassandra/distributed/test/InternodeEncryptionOptionsTest.java
index 194ffb47a081..83bcaaad3c14 100644
--- a/test/distributed/org/apache/cassandra/distributed/test/InternodeEncryptionOptionsTest.java
+++ b/test/distributed/org/apache/cassandra/distributed/test/InternodeEncryptionOptionsTest.java
@@ -236,13 +236,14 @@ public void negotiatedProtocolMustBeAcceptedProtocolTest() throws Throwable
c.set("server_encryption_options",
ImmutableMap.builder().putAll(validKeystore)
.put("internode_encryption", "all")
- .put("accepted_protocols", ImmutableList.of("TLSv1.1", "TLSv1.2"))
+ .put("accepted_protocols", ImmutableList.of("TLSv1.1", "TLSv1.2", "TLSv1.3"))
.build());
}).start())
{
InetAddress address = cluster.get(1).config().broadcastAddress().getAddress();
int port = cluster.get(1).config().broadcastAddress().getPort();
+ // deprecated
TlsConnection tls10Connection = new TlsConnection(address.getHostAddress(), port, Collections.singletonList("TLSv1"));
Assert.assertEquals("Should not be possible to establish a TLSv1 connection",
ConnectResult.FAILED_TO_NEGOTIATE, tls10Connection.connect());
@@ -257,6 +258,11 @@ public void negotiatedProtocolMustBeAcceptedProtocolTest() throws Throwable
Assert.assertEquals("Should be possible to establish a TLSv1.2 connection",
ConnectResult.NEGOTIATED, tls12Connection.connect());
Assert.assertEquals("TLSv1.2", tls12Connection.lastProtocol());
+
+ TlsConnection tls13Connection = new TlsConnection(address.getHostAddress(), port, Collections.singletonList("TLSv1.3"));
+ Assert.assertEquals("Should be possible to establish a TLSv1.3 connection",
+ ConnectResult.NEGOTIATED, tls13Connection.connect());
+ Assert.assertEquals("TLSv1.3", tls13Connection.lastProtocol());
}
}
diff --git a/test/distributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java b/test/distributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java
index c8e9de69f09e..3e8c92648099 100644
--- a/test/distributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java
+++ b/test/distributed/org/apache/cassandra/distributed/test/NativeTransportEncryptionOptionsTest.java
@@ -170,7 +170,7 @@ public void negotiatedProtocolMustBeAcceptedProtocolTest() throws Throwable
c.set("client_encryption_options",
ImmutableMap.builder().putAll(validKeystore)
.put("enabled", true)
- .put("accepted_protocols", ImmutableList.of("TLSv1.1", "TLSv1.2"))
+ .put("accepted_protocols", ImmutableList.of("TLSv1.1", "TLSv1.2", "TLSv1.3"))
.build());
}).start())
{
@@ -191,6 +191,11 @@ public void negotiatedProtocolMustBeAcceptedProtocolTest() throws Throwable
Assert.assertEquals("Should be possible to establish a TLSv1.2 connection",
ConnectResult.NEGOTIATED, tls12Connection.connect());
Assert.assertEquals("TLSv1.2", tls12Connection.lastProtocol());
+
+ TlsConnection tls13Connection = new TlsConnection(address.getHostAddress(), port, Collections.singletonList("TLSv1.3"));
+ Assert.assertEquals("Should be possible to establish a TLSv1.3 connection",
+ ConnectResult.NEGOTIATED, tls13Connection.connect());
+ Assert.assertEquals("TLSv1.3", tls13Connection.lastProtocol());
}
}
diff --git a/test/simulator/main/org/apache/cassandra/simulator/ClusterSimulation.java b/test/simulator/main/org/apache/cassandra/simulator/ClusterSimulation.java
index 892e90438606..92e483487f7a 100644
--- a/test/simulator/main/org/apache/cassandra/simulator/ClusterSimulation.java
+++ b/test/simulator/main/org/apache/cassandra/simulator/ClusterSimulation.java
@@ -117,7 +117,8 @@ public class ClusterSimulation implements AutoCloseable
FutureCallback.class,
io.netty.util.concurrent.GenericFutureListener.class,
io.netty.channel.FileRegion.class,
- io.netty.util.ReferenceCounted.class
+ io.netty.util.ReferenceCounted.class,
+ io.netty.util.concurrent.FastThreadLocal.class
};
public static final Class[] ISOLATE = new Class[0];