Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36618

Write JS integration tests that validate whichever TLS suites are available on each Evergreen platform

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.1.4
    • Affects Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Fully Compatible
    • Security 2018-09-24, Security 2018-10-08
    • 46

      We should write a JSTest which spins up a mongod, connects to it, and extracts information about which TLS protocols/suites are supported. Eventually, we'll want to assert that ECDHE and DHE are supported on all platforms. However, until we get to that point, we should only assert that they're available where they exist today.

      We should validate that all platforms support TLS 1.1 and TLS 1.2, and do not support TLS 1.0 or below.

      We should validate that no "weak" ciphers are offered.

      Amazon Linux 1 will explicitly not be required to support ECDHE, due to its copy of OpenSSL's buildoptions.

            Assignee:
            shreyas.kalyan@mongodb.com Shreyas Kalyan
            Reporter:
            greg.mckeon@mongodb.com Gregory McKeon (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: