Details

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 01112017-cleanup
    • None
    • None
    • None

    Description

      This should probably result in a few DOCS tickets so I'm creating it here.

      Our documentation about encryption for in-flight data refers only to SSL. I know that SSL and TLS are often used synonymously but not every one does (because they are not) and there is no mention of TLS in our security documentation. In fact, as I understand it, we have disabled the use of SSLv2 and SSLv3 at the sever level so we are only using TLS 1.0+ for establishing encrypted channels.

      I proposed we at least add some detail in our documentation about what SSL/TLS versions are enable/disabled as well as perhaps change references to SSL to TLS/SSL or even just TLS. Right now it takes a lot of digging to determine that we even support TLS 1.2 and I don't think there's anything customer facing that says that. The fact that we use OpenSSL implies it can take a lot of digging for a customer to arrive at that conclusion (or, worst case, not).

      Attachments

        Activity

          People

            kay.kim@mongodb.com Kay Kim (Inactive)
            james.kerr James Kerr
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              8 years, 40 weeks, 5 days ago