-
Type: Sub-task
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
This should probably result in a few DOCS tickets so I'm creating it here.
Our documentation about encryption for in-flight data refers only to SSL. I know that SSL and TLS are often used synonymously but not every one does (because they are not) and there is no mention of TLS in our security documentation. In fact, as I understand it, we have disabled the use of SSLv2 and SSLv3 at the sever level so we are only using TLS 1.0+ for establishing encrypted channels.
I proposed we at least add some detail in our documentation about what SSL/TLS versions are enable/disabled as well as perhaps change references to SSL to TLS/SSL or even just TLS. Right now it takes a lot of digging to determine that we even support TLS 1.2 and I don't think there's anything customer facing that says that. The fact that we use OpenSSL implies it can take a lot of digging for a customer to arrive at that conclusion (or, worst case, not).
- is related to
-
DOCS-4295 Specify SSL/TLS instead of only SSL in docs
- Closed