  1. Documentation
  2. DOCS-14083

[OM] Update queryable snapshot/restores to disable TLSv1 and ciphers

      Description

      https://jira.mongodb.org/browse/CLOUDP-74113
      Disable DH-1024 Ciphers for Queryable Backup ProxyServer listener
      was resolved in Ops Manager 4.2.22 and 4.4.6

      https://jira.mongodb.org/browse/CLOUDP-70734
      Ops Manager Queryable Snapshot Proxy Server Port does not enforce minimum TLS version using mms.minimumTLSVersion
      was resolved in 4.2.21 and 4.4.5

      but per this comment
      "I backported the code however I couldn't disable TLSv1 and ciphers by default since it will affect other customers. Please advise this client to put the following to conf-mms.properties:

      brs.queryable.tls.disabledProtocols=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.3
      brs.queryable.tls.disabledCiphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
      

      These settings are currently undocumented and should possibly be added to the following Documentation for customers to disable TLSv1 and ciphers for queryable snapshot/restores:

      Ops Manager Configuration Settings > Queryable Snapshot Configuration
      Ops Manager Application Settings > Queryable Snapshot Configuration

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)
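A check for the two `brs.queryable.tls.*` settings quoted in the description above, as an added example that is not part of the ticket or of Ops Manager. It reports which of the quoted protocol and cipher names are absent from a `conf-mms.properties` text. It assumes the file follows standard Java `.properties` syntax and that the values are comma-separated with surrounding whitespace ignored; the names `REQUIRED`, `parse_properties`, `missing_entries` and `PARTIAL` are hypothetical.

```python
import re

REQUIRED = {  # values copied from the comment quoted in the ticket
    "brs.queryable.tls.disabledProtocols":
        "SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.3".split(","),
    "brs.queryable.tls.disabledCiphers": (
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,"
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,"
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
    ).split(","),
}

def parse_properties(text):
    """Java .properties subset: =/:/space separators, #/! comments, continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):          # value continues on the next line
            pending = line[:-1]
            continue
        parts = re.split(r"\s*[=:]\s*|\s+", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) > 1 else ""  # later key wins
    return props

def missing_entries(text):
    """Return {property: [required values absent from it]}; {} means compliant."""
    props = parse_properties(text)
    report = {}
    for key, wanted in REQUIRED.items():
        have = {v.strip() for v in props.get(key, "").split(",") if v.strip()}
        gaps = [w for w in wanted if w not in have]
        if gaps:
            report[key] = gaps
    return report

# Constructed sample file contents (not from a real deployment).
PARTIAL = """\
# queryable backup TLS
brs.queryable.tls.disabledProtocols = SSLv2Hello, SSLv3, TLSv1
brs.queryable.tls.disabledCiphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,\\
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
"""

if __name__ == "__main__":
    for key, gaps in missing_entries(PARTIAL).items():
        print(f"{key}: missing {', '.join(gaps)}")
```

An empty result means every name from the quoted comment is present; a property that is not set at all is reported with the full list.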

            Assignee:
            tony.sansone@mongodb.com Anthony Sansone (Inactive)
            Reporter:
            charles.merrill@mongodb.com Charles Merrill

              Created:
              Updated:
              Resolved:
              2 years, 43 weeks ago