Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 8.3.0-rc0
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Sprint:
Server Security 2026-02-13, Server Security 2026-02-27, Server Security 2026-03-13
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

We would like to support proxies which terminate TLS. However, we have features which depend on the Server terminating TLS sessions, and having access to endpoint metadata. Specifically, we will need SNI, MONGODB-X509, and X.509 authorization to work via the proxy protocol. We should extend the proxy protocol to forward this information.

Note, this information is used authentication systems to make security decisions. We must continue to prevent the proxy protocol from being used by untrusted clients.

depends on

SERVER-118959 Support sub-TLV parsing for Proxy Protocol V2

Closed

SERVER-119784 Add support for supplying TLV in the proxy protocol python testing server

Closed

is depended on by

SERVER-121137 Remove skipProxyProtocolParsing failpoint

Closed

is related to

SERVER-119977 Expand python proxy protocol server to support sending ssl tlvs

Closed

related to

SERVER-119261 Add unixProxySocketPrefix parameter and create unix socket

Closed

Assignee:: Chye Lin Chee
Reporter:: Spencer Jackson
Participants:: Chye Lin Chee, Githook User, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Jan 27 2026 11:21:49 PM UTC
Updated:: Mar 12 2026 05:38:42 PM UTC
Resolved:: Mar 12 2026 05:38:42 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates