Details
-
Task
-
Resolution: Done
-
Major - P3
-
None
Description
- Add support for authenticated GCM encryption mode in addition to CBC mode for Encrypted Storage Engine
- Key rotation is only supported for KMIP master keys and is performed by using the following command line flag: --kmipRotateMasterKey
If no --kmipKeyIdentifier is provided, the server will either request a new key from the KMIP server or try to request the key id specified.
Attachments
Issue Links
- documents
-
SERVER-19845 Support Master Key Rotation
-
- Closed
-
-
SERVER-19399 Add GCM support in the OpenSSL crypto wrapper
-
- Closed
-