Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-34911

Restrict TLS ciphers supported by servers and clients

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Gone away
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Networking, Security

      There are a wide variety of ciphers suites, defined across the TLS RFCs. These suites will specify the hashing algorithm and the asymmetric and symmetric cryptography used in the TLS conversation. Some suites provide useful properties, like Perfect Forward Secrecy.

      The server and shell should restrict themselves to using a limited set of suites which provide PFS, and use modern algorithms which are considered to have wide security margins.

      Below are a set of cipher suites which would be supported.

      Cipher Suites
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

            Assignee:
            kenneth.white@mongodb.com Kenneth White
            Reporter:
            spencer.jackson@mongodb.com Spencer Jackson
            Votes:
            0 Vote for this issue
            Watchers:
            14 Start watching this issue

              Created:
              Updated:
              Resolved: