Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.1.6
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Sprint:
Security 2018-12-03
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

OpenSSL only allows you to explicitly exclude TLS/SSL versions, not enable specific ones. In tls_enumerator.py, we do not exclude TLS 1.3 when probing for suites in other TLS/SSL versions. No errors appear in our current testing suites because none of the testing variants build mongod with TLS 1.3 / OpenSSL 1.1.1 support. Once we introduce a build variant with TLS 1.3 support, build failures will be generated as-is.

To fix this, exclude TLS 1.3 when probing for ciphers in other protocols.

Assignee:: Patrick Freed
Reporter:: Patrick Freed
Participants:: Githook User, Patrick Freed
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Nov 27 2018 12:41:45 AM UTC
Updated:: Oct 29 2023 10:26:21 PM UTC
Resolved:: Nov 29 2018 09:08:47 PM UTC
Confidence Status Last Update:: 27/Nov/18 4:49 PM

Details

Description

Attachments

Activity

People

Dates