Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 9.0.0-rc0
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Sprint:
Monguard 2026-03-27, Monguard 2026-05-01
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Add an config option to configure a range of TLS protocols that monguard should support from TLS 1.0 - TLS 1.3.

The config option is optional. If it is not specified, then the default range should be TLS 1.2 - 1.3, which is consistent with the server.

Although TLS 1.0 and 1.1 are outdated and deprecated, the server still permits them via explicit configuration. Removing support for them in monguard right away risks backwards compatibility issues. We should log a warning if the supplied range allows for TLS 1.0 and 1.1, but not disallow it.

All of this should get propagated into OpenSSL.

Assignee:: Anand Paithankar
Reporter:: Varun Ravichandran
Participants:: Anand Paithankar, Varun Ravichandran
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Mar 02 2026 06:03:49 PM UTC
Updated:: Apr 21 2026 11:32:44 PM UTC
Resolved:: Apr 21 2026 11:32:44 PM UTC

Details

Description

Attachments

Activity

People

Dates