Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-11560

Docs for SERVER-33833: Change macOS SSL and Enterprise builds to SecureTransport

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.7.4, 4.0.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • None

      Documentation Request Summary:

      This change makes NativeTLS the default build mode for OSX binaries. See PM-305 for a full list of the changes this represents including:

      • (/)Support for TLS 1.1 and 1.2 (DOCS-11654)
      • Support for Security Keychain and System CA (DOCS-11426)
      • Remove of some OpenSSL specific esoteric functionality.
      •  Backwards Breaking Change: Encrypted PEM files are not supported on Apple (lacks ability to decode PEMs encrypted with AES) and Windows (no support at all) (DOCS-11608)
        • Current Plan Of Record is to advise customers to use certificate selectors as more secure alternative
      • On macOS, sslCRLFile is not supported.

      Engineering Ticket Description:

      Change the macOS SSL and Enterprise builds to use "--ssl-provider=native".

      Create an OpenSSL daily build variant to ensure it continues to work.

      Scope of changes:

      • core/security-encryption-at-rest
      • tutoria/configure-encryption
      • source/includes/options-conf.yaml

      Impact to other docs outside of this product:

      MVP:

      Resources:

            Assignee:
            kay.kim@mongodb.com Kay Kim (Inactive)
            Reporter:
            kay.kim@mongodb.com Kay Kim (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:
              6 years, 1 week, 2 days ago