Drivers / DRIVERS-580

Disable TLS renegotiation when possible


Details

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Major - P3
      Key            Status/Resolution   FixVersion
      NODE-1841      Fixed               3.2.0
      PYTHON-1726    Fixed               3.8
      PERL-1054      Done                2.1.1
      RUBY-1685      Fixed               2.10.0.rc0
      CXX-1717       Done
      PHPC-1315      Done
      RUST-131       Works as Designed
      MOTOR-299      Fixed               2.1
      CDRIVER-2934   Fixed               1.16.0
      SWIFT-487      Works as Designed
      JAVA-3505      Works as Designed
      CSHARP-2843    Backlog
      GODRIVER-1403  Works as Designed

    Description

      TLS renegotiation is complicated, has been removed from TLS 1.3, and is not supported on the OS X and Windows native cryptography implementations. For consistency going forward, we should disable it on OpenSSL, if we are able to.

      Some versions of OpenSSL define SSL_OP_NO_RENEGOTIATION, which disables renegotiation on TLS 1.2 and before. Drivers using OpenSSL should set the SSL_OP_NO_RENEGOTIATION flag on the SSL Context when defined.
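
One way to apply the flag only when it is defined, shown with Python's standard ssl module, which exposes the OpenSSL option as ssl.OP_NO_RENEGOTIATION on builds that have it. This is an added example, not code from any of the linked driver tickets; the helper names disable_renegotiation, make_client_context and renegotiation_status are hypothetical.

```python
import ssl

# ssl.OP_NO_RENEGOTIATION is present only when Python (3.7+) is built against
# OpenSSL 1.1.0h or later, so look it up instead of assuming it exists.
NO_RENEGOTIATION = getattr(ssl, "OP_NO_RENEGOTIATION", 0)


def disable_renegotiation(ctx: ssl.SSLContext) -> bool:
    """Set SSL_OP_NO_RENEGOTIATION on ctx when this build defines it.

    Returns True if the flag is set afterwards, False if it is unavailable.
    Options already present on the context are preserved.
    """
    if not NO_RENEGOTIATION:
        return False
    ctx.options |= NO_RENEGOTIATION
    return bool(ctx.options & NO_RENEGOTIATION)


def make_client_context() -> ssl.SSLContext:
    """Hypothetical driver helper: verifying client context, no renegotiation."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    disable_renegotiation(ctx)
    return ctx


def renegotiation_status(ctx: ssl.SSLContext) -> str:
    """Describe the context's renegotiation setting, e.g. for a startup log."""
    if not NO_RENEGOTIATION:
        return "SSL_OP_NO_RENEGOTIATION not defined by this build"
    if ctx.options & NO_RENEGOTIATION:
        return "renegotiation disabled for TLS 1.2 and earlier"
    return "renegotiation flag available but not set"


if __name__ == "__main__":
    context = make_client_context()
    print(ssl.OPENSSL_VERSION)
    print(renegotiation_status(context))
```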

          People

            Assignee: Unassigned
            Reporter: Bernie Hackett (bernie@mongodb.com)