Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-12145

Docs for SERVER-37135: TLSVersionCounts needs to track and report TLS 1.3

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 4.1.4, 3.6.9, 4.0.4, 3.4.24
    • manual, Server
    • None

    Description

      Description

      Description:

      sslDisabledProtocols now accepts 'TLS1_3' as a protocol which can be disabled. Not all platforms support TLS 1.3. As yet, only OpenSSL 1.1.1 is able to do so. Setting this value on platforms which do not support TLS 1.3 is a no-op, as TLS 1.3 was already disabled.

      Engineering Ticket Description:

      ArchLinux has just received packages for OpenSSL 1.1.1, which provides support for TLS 1.3.

      ssl_manager_openssl.cpp attempts to increment TLS version counts for TLS 1.3, if it is compiled against a version of OpenSSL which exposes a relevant preprocessor macro. However, TLSVersionCounts is missing the member variable which needs to be incremented.

      This causes compilation to fail.

      We likely additionally need an "unknown" field. MongoDB binaries compiled against old versions of OpenSSL, but dynamically linked against newer versions may be able to negotiate TLS 1.3 while not having access to compile time constants which identify the protocol.

      In order to test this functionality, we will need to add support for TLS 1.3 to be used in tlsDisableProtocols, on platforms that support the protocol

      Scope of changes

      Just the options since backported. (no specific 4.2 changes)

      Impact to Other Docs

      none

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

      Attachments

        Issue Links

          Activity

            People

              kay.kim@mongodb.com Kay Kim (Inactive)
              kay.kim@mongodb.com Kay Kim (Inactive)
              Githook User Githook User
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                2 years, 20 weeks, 5 days ago