[SERVER-37135] TLSVersionCounts needs to track and report TLS 1.3 - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.6.9, 4.0.4, 4.1.4, 3.4.24
Component/s: Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Backport Requested:

v4.0, v3.6, v3.4
Sprint:
Security 2018-10-08, Security 2018-10-22

Description

ArchLinux has just received packages for OpenSSL 1.1.1, which provides support for TLS 1.3.

ssl_manager_openssl.cpp attempts to increment TLS version counts for TLS 1.3, if it is compiled against a version of OpenSSL which exposes a relevant preprocessor macro. However, TLSVersionCounts is missing the member variable which needs to be incremented.

This causes compilation to fail.

We likely additionally need an "unknown" field. MongoDB binaries compiled against old versions of OpenSSL, but dynamically linked against newer versions may be able to negotiate TLS 1.3 while not having access to compile time constants which identify the protocol.

In order to test this functionality, we will need to add support for TLS 1.3 to be used in tlsDisableProtocols, on platforms that support the protocol

Attachments

Issue Links

causes

SERVER-44993 ssl_count_protocols.js should not evaluate test most protocols on OS X on 3.4

Closed

duplicates

SERVER-37137 Allow TLS 1.3 to be used in --tlsDisabledProtocols

Closed

is documented by

DOCS-12145 Docs for SERVER-37135: TLSVersionCounts needs to track and report TLS 1.3

Closed

is duplicated by

SERVER-37366 Compiling Error encountered in Mongodb 3.6.8

Closed

Activity

People

Assignee:: Spencer Jackson

Reporter:: Spencer Jackson

Participants:: Dimitri John Ledkov, Githook User, Spencer Jackson

Votes:: 2 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: Sep 14 2018 12:50:48 PM UTC

Updated:: Dec 06 2019 06:53:55 PM UTC

Resolved:: Oct 10 2018 05:38:19 PM UTC