Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-34558

Add SSL_version to client metadata logging

    XMLWordPrintable

    Details

    • Backwards Compatibility:
      Fully Compatible
    • Backport Requested:
      v4.0, v3.6, v3.4
    • Epic Link:
    • Sprint:
      Platforms 2018-06-04, Platforms 2018-07-16, Platforms 2018-07-30
    • Linked BF Score:
      0

      Description

      Capturing a client's negotiated SSL_version will enable server-side admins to understand with their application stakeholders are ready for server-side configuration changes requiring higher minimum TLS versions.

      This can be done through a couple of different ways. First, we should record version counters in serverStatus. This will give a quick overview of the TLS ecosystem a server operates in, for humans and for machines. Secondly, the version should be logged, during connection establishment, so a manual inspection will reveal which versions were negotiated by particular IPs.

      This would preferably be back-ported to 3.2, 3.4, and 3.6

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                14 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: