Core Server / SERVER-34911

Restrict TLS ciphers supported by servers and clients

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Gone away
    • None
    • None
    • Networking, Security

    Description

      There is a wide variety of cipher suites defined across the TLS RFCs. These suites specify the hashing algorithm and the asymmetric and symmetric cryptography used in the TLS conversation. Some suites provide useful properties, like Perfect Forward Secrecy.

      The server and shell should restrict themselves to using a limited set of suites which provide PFS, and use modern algorithms which are considered to have wide security margins.

      Below is a set of cipher suites which would be supported.

      Cipher Suites
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
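
An added example (not MongoDB code and not part of the ticket): it splits a TLS 1.2 IANA suite name into the parts the description mentions and audits an offered list against the three proposed suites. The function names and the sample offered list are constructed for illustration.

```python
import re

# The three suites proposed in the ticket (IANA names, copied from the description).
ALLOWED = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
}

# TLS 1.2-style IANA name: TLS_<key exchange>[_<auth>]_WITH_<cipher>_<hash>
_NAME = re.compile(
    r"^TLS_(?P<kx_auth>[A-Za-z0-9_]+?)_WITH_(?P<cipher>[A-Za-z0-9_]+)_(?P<hash>[A-Z0-9]+)$")

def parse_suite(name):
    """Split an IANA suite name into its components (hypothetical helper)."""
    m = _NAME.match(name)
    if not m:
        raise ValueError(f"not a TLS 1.2-style suite name: {name}")
    parts = m["kx_auth"].split("_")
    kx = parts[0]
    auth = parts[1] if len(parts) > 1 else parts[0]  # TLS_RSA_WITH_*: RSA does both
    cipher = m["cipher"]
    return {
        "key_exchange": kx,
        "authentication": auth,
        "cipher": cipher,
        "hash": m["hash"],
        "pfs": kx in ("ECDHE", "DHE"),  # ephemeral key exchange gives forward secrecy
        "aead": "GCM" in cipher or "POLY1305" in cipher,
    }

def audit(offered):
    """Return {suite: reason} for every offered suite outside the allowlist."""
    findings = {}
    for name in offered:
        if name in ALLOWED:
            continue
        try:
            info = parse_suite(name)
        except ValueError:
            findings[name] = "not on allowlist: unrecognised name format"
            continue
        pfs = "forward secret" if info["pfs"] else "no forward secrecy"
        findings[name] = f"not on allowlist: {info['key_exchange']} key exchange, {pfs}"
    return findings

# Constructed sample: suites an endpoint might report as enabled.
SAMPLE_OFFERED = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA",
                  "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"]

if __name__ == "__main__":
    for suite, reason in audit(SAMPLE_OFFERED).items():
        print(f"{suite}: {reason}")
```
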

            People

              kenneth.white@mongodb.com Kenneth White
              spencer.jackson@mongodb.com Spencer Jackson
              Votes: 0
              Watchers: 14
