Support TLSv1.3 with LibreSSL

XMLWordPrintableJSON

    • Type: New Feature
    • Resolution: Gone away
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: libmongoc, tls
    • None
    • Not Needed
    • None
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      When LibreSSL supports TLSv1.3 (https://github.com/libressl-portable/portable/issues/228 we'll need to fix TLS reads for LibreSSL the same way we did for OpenSSL 1.1.1 (CDRIVER-2846). I think we have to add a should_retry boolean field to mongoc_stream_tls_libressl_t. The field is set to false before a handshake, read, or write. The field is set to true after an operation that returns TLS_WANT_POLLIN or TLS_WANT_POLLOUT. _mongoc_stream_tls_libressl_should_retry returns true if the field is set or if mongoc_stream_should_retry (tls->base_stream).

            Assignee:
            Unassigned
            Reporter:
            A. Jesse Jiryu Davis
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: