Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 3.6.14, 4.1.6, 4.0.13
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.0, v3.6
Sprint:
Security 2018-11-19, Security 2018-12-03
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

In ssl_manager_openssl.cpp, the setup code checks to see if the version of openssl supports elliptic curve auto negotiation via the macro MONGO_CONFIG_HAVE_SSL_SET_ECDH_AUTO. The macro is actually defined to be MONGO_CONFIG_HAS_SSL_SET_ECDH_AUTO, so this check always fails and auto negotiation is never enabled.

Fix the naming of elliptic curve related config defines to match the "HAVE" of previous defines.

has to be done before

SERVER-36617 Hardcode a default Diffie-Hellman parameter when ECDHE is enabled

Closed

Assignee:: Patrick Freed
Reporter:: Patrick Freed
Participants:: Githook User, Patrick Freed
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Nov 14 2018 10:48:53 PM UTC
Updated:: Oct 29 2023 10:26:33 PM UTC
Resolved:: Nov 21 2018 03:59:34 PM UTC
Confidence Status Last Update:: 14/Nov/18 11:24 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates