[SERVER-38141] Incorrect usage of MONGO_CONFIG_HAS_SSL_SET_ECDH_AUTO prevents enabling of elliptic curve auto negotiation - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.6.14, 4.1.6, 4.0.13
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.0, v3.6
Sprint:
Security 2018-11-19, Security 2018-12-03

Description

In ssl_manager_openssl.cpp, the setup code checks to see if the version of openssl supports elliptic curve auto negotiation via the macro MONGO_CONFIG_HAVE_SSL_SET_ECDH_AUTO. The macro is actually defined to be MONGO_CONFIG_HAS_SSL_SET_ECDH_AUTO, so this check always fails and auto negotiation is never enabled.

Fix the naming of elliptic curve related config defines to match the "HAVE" of previous defines.

Attachments

Issue Links

has to be done before

SERVER-36617 Hardcode a default Diffie-Hellman parameter when ECDHE is enabled

Closed

Activity

People

Assignee:: Patrick Freed

Reporter:: Patrick Freed

Participants:: Githook User, Patrick Freed

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: Nov 14 2018 10:48:53 PM UTC

Updated:: Sep 11 2019 05:59:04 PM UTC

Resolved:: Nov 21 2018 03:59:34 PM UTC