From 27439e15a0d7ed2d062fa1cea9c91d01467551dc Mon Sep 17 00:00:00 2001 From: Lakhan Samani Date: Fri, 3 Apr 2026 21:38:57 +0530 Subject: [PATCH] fix(cassandra): enable TLS verification and reduce query timeout TLS was configured with InsecureSkipVerify: true and EnableHostVerification: false, completely defeating TLS security. Now properly verifies server certificates and hostnames. Also reduces query timeout from 30 minutes to 30 seconds. Fixes: H8 (High), L6 (Low)
---
 internal/storage/db/cassandradb/provider.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/internal/storage/db/cassandradb/provider.go b/internal/storage/db/cassandradb/provider.go
index 9f884e90..bcc4edf6 100644
--- a/internal/storage/db/cassandradb/provider.go
+++ b/internal/storage/db/cassandradb/provider.go
@@ -93,11 +93,10 @@ func NewProvider(cfg *config.Config, deps *Dependencies) (*provider, error) {
 cassandraClient.SslOpts = &cansandraDriver.SslOptions{
 Config: &tls.Config{
- Certificates: []tls.Certificate{cert},
- RootCAs: caCertPool,
- InsecureSkipVerify: true,
+ Certificates: []tls.Certificate{cert},
+ RootCAs: caCertPool,
 },
- EnableHostVerification: false,
+ EnableHostVerification: true,
 }
 }
@@ -107,7 +106,7 @@ func NewProvider(cfg *config.Config, deps *Dependencies) (*provider, error) {
 cassandraClient.Consistency = cansandraDriver.LocalQuorum
 cassandraClient.ConnectTimeout = 10 * time.Second
 cassandraClient.ProtoVersion = 4
- cassandraClient.Timeout = 30 * time.Minute // for large data
+ cassandraClient.Timeout = 30 * time.Second
 session, err := cassandraClient.CreateSession()
 if err != nil {
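Review bot: With verification now enforced in the `SslOpts` block, nothing in this hunk sets `ServerName` or documents which names the server certificates must carry, so a node the driver dials by an address missing from its certificate's SANs would start failing the handshake. Cluster peers are often discovered by IP, so this is worth confirming against the deployed certificates before rollout. I would add a comment above `Config:` such as `// Verification is on: every node certificate must chain to caCertPool and list the address the driver dials in its SANs.` The construction of `caCertPool` is outside the hunk; if the result of loading the CA PEM is not checked there, an empty pool now becomes a hard connection failure rather than a silent one. `NewProvider` starts and ends outside the hunk.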
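Review bot: The new `cassandraClient.Timeout = 30 * time.Second` line drops the old `// for large data` comment without saying why 30 seconds is safe or what the bound protects against. Any query path that relied on the long timeout (the old comment suggests there was one) would now fail instead of wait, and that is not visible from this hunk. I would keep a rationale on the line, e.g. `cassandraClient.Timeout = 30 * time.Second // bound per-query time so a stalled node cannot tie up a request for minutes`, and consider reading the value from `cfg` if large reads exist. `NewProvider` continues past the end of the hunk.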