  1. Core Server
  2. SERVER-37135

TLSVersionCounts needs to track and report TLS 1.3


    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.6.9, 4.0.4, 4.1.4, 3.4.24
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Backport Requested:
      v4.0, v3.6, v3.4
    • Sprint:
      Security 2018-10-08, Security 2018-10-22

      Description

      ArchLinux has just received packages for OpenSSL 1.1.1, which provides support for TLS 1.3.

      ssl_manager_openssl.cpp attempts to increment TLS version counts for TLS 1.3, if it is compiled against a version of OpenSSL which exposes a relevant preprocessor macro. However, TLSVersionCounts is missing the member variable which needs to be incremented.

      This causes compilation to fail.

      We likely additionally need an "unknown" field. MongoDB binaries compiled against old versions of OpenSSL, but dynamically linked against newer versions, may be able to negotiate TLS 1.3 while not having access to the compile-time constants which identify the protocol.

      In order to test this functionality, we will need to add support for TLS 1.3 to be used in tlsDisableProtocols, on platforms that support the protocol.
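
The counting problem described above, as an added example that is not MongoDB's code and not part of the original ticket. `ExampleTLSVersionCounts`, `recordNegotiatedVersion` and the `kHeadersKnowTls13` template flag are hypothetical names; the flag stands in for whether the OpenSSL headers used at build time define a TLS 1.3 constant, so both kinds of build can be compared in one program.

```cpp
#include <atomic>
#include <cstdint>

// TLS wire protocol version numbers, as carried in the handshake.
constexpr int kTls10 = 0x0301;
constexpr int kTls11 = 0x0302;
constexpr int kTls12 = 0x0303;
constexpr int kTls13 = 0x0304;

// Hypothetical stand-in for the per-version connection counters.
struct ExampleTLSVersionCounts {
    std::atomic<std::int64_t> tls10{0};
    std::atomic<std::int64_t> tls11{0};
    std::atomic<std::int64_t> tls12{0};
    std::atomic<std::int64_t> tls13{0};    // the member the ticket reports as missing
    std::atomic<std::int64_t> unknown{0};  // versions this build has no name for
};

// kHeadersKnowTls13 (assumption) models a build whose headers expose a
// TLS 1.3 constant (true) versus one compiled against older headers (false).
template <bool kHeadersKnowTls13>
void recordNegotiatedVersion(ExampleTLSVersionCounts& counts, int negotiated) {
    switch (negotiated) {
        case kTls10: counts.tls10++; return;
        case kTls11: counts.tls11++; return;
        case kTls12: counts.tls12++; return;
        default: break;
    }
    if (kHeadersKnowTls13 && negotiated == kTls13) {
        counts.tls13++;
        return;
    }
    // A newer runtime library negotiated something the build cannot identify.
    // Counting it here keeps the totals equal to the number of connections.
    counts.unknown++;
}

// Sum of all buckets; should always match the number of recorded handshakes.
std::int64_t totalConnections(const ExampleTLSVersionCounts& c) {
    return c.tls10 + c.tls11 + c.tls12 + c.tls13 + c.unknown;
}
```

Without the `unknown` bucket, the old-header build would silently drop TLS 1.3 connections from the report, and the per-version counts would no longer add up to the connection total.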

              People

              Assignee:
              spencer.jackson Spencer Jackson
              Reporter:
              spencer.jackson Spencer Jackson