  1. Documentation
  2. DOCS-14083

[OM] Update queryable snapshot/restores to disable TLSv1 and ciphers


    Details

    • Last comment by Customer:
      true
    • Story Points:
      2
    • Sprint:
      CET: Umbra (5 - 11 Jan 21), CET: Vega (12 - 18 Jan 21), CET: Fugees (16-22 Mar 21)

      Description

      https://jira.mongodb.org/browse/CLOUDP-74113
      Disable DH-1024 Ciphers for Queryable Backup ProxyServer listener
      was resolved in Ops Manager 4.2.22 and 4.4.6

      https://jira.mongodb.org/browse/CLOUDP-70734
      Ops Manager Queryable Snapshot Proxy Server Port does not enforce minimum TLS version using mms.minimumTLSVersion
      was resolved in 4.2.21 and 4.4.5

      but per this comment
      "I backported the code; however, I couldn't disable TLSv1 and ciphers by default since it will affect other customers. Please advise this client to put the following in conf-mms.properties:

      brs.queryable.tls.disabledProtocols=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.3
      brs.queryable.tls.disabledCiphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
      

      These settings are currently undocumented and should possibly be added to the following Documentation for customers to disable TLSv1 and ciphers for queryable snapshot/restores:

      Ops Manager Configuration Settings > Queryable Snapshot Configuration
      Ops Manager Application Settings > Queryable Snapshot Configuration

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)
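
An added example, not part of the ticket and not Ops Manager code: one way to check the text of a conf-mms.properties file for the two settings quoted in the description. The function names, the baseline lists and the sample file contents are assumptions constructed here; the setting names and their values are taken from the quoted comment.

```python
# Added example: audits conf-mms.properties text for the two quoted settings.
PROTO_KEY = "brs.queryable.tls.disabledProtocols"
CIPHER_KEY = "brs.queryable.tls.disabledCiphers"
# Baseline from the quoted values: the pre-TLS 1.2 protocol entries (the
# TLSv1.3 entry is not checked here) and the six DHE suites.
LEGACY_PROTOCOLS = ["SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"]
DHE_CIPHERS = ["TLS_DHE_RSA_WITH_" + s for s in (
    "AES_128_CBC_SHA", "AES_128_CBC_SHA256", "AES_128_GCM_SHA256",
    "AES_256_CBC_SHA", "AES_256_CBC_SHA256", "AES_256_GCM_SHA384")]

def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, '=' or ':' separators,
    backslash line continuation; a later duplicate key overrides an earlier one."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        line, pending = pending + line, ""
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def audit(text):
    """Return {key: [entries not disabled]}; an empty dict means nothing is missing."""
    props = parse_properties(text)
    gaps = {}
    for key, wanted in ((PROTO_KEY, LEGACY_PROTOCOLS), (CIPHER_KEY, DHE_CIPHERS)):
        # Exact match per entry: "TLSv1.1" in the file must not satisfy "TLSv1".
        have = {v.strip() for v in props.get(key, "").split(",") if v.strip()}
        missing = [w for w in wanted if w not in have]
        if missing:
            gaps[key] = missing
    return gaps

# Constructed sample: TLSv1 left out, and only two DHE suites disabled.
SAMPLE = """\
# conf-mms.properties (constructed excerpt)
brs.queryable.tls.disabledProtocols=SSLv2Hello,SSLv3,TLSv1.1,TLSv1.3
brs.queryable.tls.disabledCiphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,\\
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
"""
if __name__ == "__main__":
    for key, missing in audit(SAMPLE).items():
        print(f"{key}: not disabled -> {', '.join(missing)}")
```

A missing key is reported the same way as an empty value: every baseline entry for that setting is listed as not disabled.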

            People

            Assignee:
            tony.sansone Anthony Sansone
            Reporter:
            charles.merrill Charles Merrill
            Last commenter:
            Githook User Githook User