Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-38258

Properly separate TLS 1.3 protocol in tls_enumerator.py

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.1.6
    • Component/s: None
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Sprint:
      Security 2018-12-03

      Description

      OpenSSL only allows you to explicitly exclude TLS/SSL versions, not enable specific ones. In tls_enumerator.py, we do not exclude TLS 1.3 when probing for suites in other TLS/SSL versions. No errors appear in our current testing suites because none of the testing variants build mongod with TLS 1.3 / OpenSSL 1.1.1 support. Once we introduce a build variant with TLS 1.3 support, build failures will be generated as-is.

      To fix this, exclude TLS 1.3 when probing for ciphers in other protocols.

        Attachments

          Activity

            People

            Assignee:
            patrick.freed Patrick Freed
            Reporter:
            patrick.freed Patrick Freed
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: