-
Type: Task
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
Documentation Request Summary:
This change makes NativeTLS the default build mode for OSX binaries. See PM-305 for a full list of the changes this represents including:
- (/)Support for TLS 1.1 and 1.2 (
DOCS-11654) - Support for Security Keychain and System CA (
DOCS-11426) Remove of some OpenSSL specific esoteric functionality.- Backwards Breaking Change: Encrypted PEM files are not supported on Apple (lacks ability to decode PEMs encrypted with AES) and Windows (no support at all) (
DOCS-11608)
-
- Current Plan Of Record is to advise customers to use certificate selectors as more secure alternative
- On macOS, sslCRLFile is not supported.
Engineering Ticket Description:
Change the macOS SSL and Enterprise builds to use "--ssl-provider=native".
Create an OpenSSL daily build variant to ensure it continues to work.
Scope of changes:
- core/security-encryption-at-rest
- tutoria/configure-encryption
- source/includes/options-conf.yaml
Impact to other docs outside of this product:
MVP:
Resources:
- documents
-
SERVER-33833 Change macOS SSL and Enterprise builds to SecureTransport
- Closed
- is related to
-
DOCS-11856 Update SSL/TLS Configuration Tutorial for 4.0
- Closed
-
DOCS-11654 Docs for SERVER-34390: Make OS X binaries speak TLS 1.2
- Closed