docs/troubleshooting/error-messages/invalid-ssl-prot-error.rst
Trying to connect cqlsh with ScyllaDB 3.x results in TLSv1.2 is not a valid SSL protocol error. Recent ScyllaDB versions did not allow the use of the TLSv1 protocol and yet cqlsh seems to use it by default. The solution is to upgrade to a more recent version of ScyllaDB which contains the patch to fix the issue. If this is not an option, change the cqlshrc file to contain the following:
.. code-block:: yaml
[ssl] certfile=<path to cert file> version=TLSv1_2
Alternatively, you can set the SSL_VERSION environment variable in the Linux shell. The proper way to do that is via the export command. If you prefer, you can apply the environment variable to a single run of cqlsh only, using SSL_VERSION=TLSv1_2 cqlsh [args]
Encryption: Data in Transit Node to Node </operating-scylla/security/node-node-encryption>Encryption Data in Transit Client to Node </operating-scylla/security/client-node-encryption/>Generating a self-signed Certificate Chain Using openssl </operating-scylla/security/generate-certificate/>Authorization</operating-scylla/security/authorization/>