Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-580

Disable TLS renegotiation when possible

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Component/s: None

      TLS renegotiation is complicated, has been removed from TLS 1.3, and is not supported on the OS X and Windows native cryptography implementations. For consistency going forward, we should disable it on OpenSSL, if we are able to.

      Some versions of OpenSSL define SSL_OP_NO_RENEGOTIATION, which disables renegotiation on TLS 1.2 and before. Drivers using OpenSSL should set the SSL_OP_NO_RENEGOTIATION flag on the SSL Context when defined.

            Assignee:
            Unassigned Unassigned
            Reporter:
            bernie@mongodb.com Bernie Hackett
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: