Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36618

Write JS integration tests that validate whichever TLS suites are available on each Evergreen platform

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Fixed
    • Icon: Major - P3 Major - P3
    • 4.1.4
    • None
    • Security
    • None
    • Fully Compatible
    • Security 2018-09-24, Security 2018-10-08
    • 46

    Description

      We should write a JSTest which spins up a mongod, connects to it, and extracts information about which TLS protocols/suites are supported. Eventually, we'll want to assert that ECDHE and DHE are supported on all platforms. However, until we get to that point, we should only assert that they're available where they exist today.

      We should validate that all platforms support TLS 1.1 and TLS 1.2, and do not support TLS 1.0 or below.

      We should validate that no "weak" ciphers are offered.

      Amazon Linux 1 will explicitly not be required to support ECDHE, due to its copy of OpenSSL's buildoptions.

      Attachments

        Activity

          People

            shreyas.kalyan@mongodb.com Shreyas Kalyan
            greg.mckeon@mongodb.com Gregory McKeon (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: