Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 3.6.9, 4.0.4, 4.1.4, 3.4.24
Affects Version/s: None
Component/s: Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Backport Requested:

v4.0, v3.6, v3.4
Sprint:
Security 2018-10-08, Security 2018-10-22
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

ArchLinux has just received packages for OpenSSL 1.1.1, which provides support for TLS 1.3.

ssl_manager_openssl.cpp attempts to increment TLS version counts for TLS 1.3, if it is compiled against a version of OpenSSL which exposes a relevant preprocessor macro. However, TLSVersionCounts is missing the member variable which needs to be incremented.

This causes compilation to fail.

We likely additionally need an "unknown" field. MongoDB binaries compiled against old versions of OpenSSL, but dynamically linked against newer versions may be able to negotiate TLS 1.3 while not having access to compile time constants which identify the protocol.

In order to test this functionality, we will need to add support for TLS 1.3 to be used in tlsDisableProtocols, on platforms that support the protocol

causes

SERVER-44993 ssl_count_protocols.js should not evaluate test most protocols on OS X on 3.4

Closed

duplicates

SERVER-37137 Allow TLS 1.3 to be used in --tlsDisabledProtocols

Closed

is duplicated by

SERVER-37366 Compiling Error encountered in Mongodb 3.6.8

Closed

Assignee:: Spencer Jackson
Reporter:: Spencer Jackson
Participants:: Dimitri John Ledkov, Githook User, Spencer Jackson
Votes:: 2 Vote for this issue
Watchers:: 5 Start watching this issue

Created:: Sep 14 2018 12:50:48 PM UTC
Updated:: Oct 29 2023 10:28:12 PM UTC
Resolved:: Oct 10 2018 05:38:19 PM UTC
Confidence Status Last Update:: 26/Sep/18 3:28 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates