SERVER-48774 (project: Core Server)

setting cipher list does not work for TLSv1.3 only (if TLS1_0, TLS1_1, TLS1_2 are disabled)


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 4.2.7
    • Fix Version/s: 4.7.0
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Minor Change
    • Operating System:
      ALL
    • Sprint:
      Security 2020-07-13, Security 2020-07-27

      Description

      In ssl_manager_openssl.cpp, the OpenSSL API SSL_CTX_set_cipher_list() only works for TLSv1.2 and below. 

      If the user configures TLSv1.3 only, SSL_CTX_set_cipher_list() returns 0 and causes an error: "Can not set supported cipher suites: "

      The related API for TLSv1.3 is SSL_CTX_set_ciphersuites().

      Reference: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_cipher_list.html
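
      The split between the two OpenSSL cipher settings can be observed from Python, whose `ssl.SSLContext.set_ciphers()` calls `SSL_CTX_set_cipher_list()`. This is an added example, not code from the issue or from MongoDB; the two cipher names are sample values and the helper names are hypothetical.

```python
import ssl

# Sample names chosen for this example (not taken from the issue).
TLS12_CIPHER = "ECDHE-RSA-AES256-GCM-SHA384"  # OpenSSL name of a TLSv1.2 cipher
TLS13_SUITE = "TLS_AES_256_GCM_SHA384"        # TLSv1.3 ciphersuite name


def tls13_only_context():
    """Server-side context limited to TLSv1.3, the setup described in the report."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def cipher_list_accepts(cipher_string):
    """True if SSL_CTX_set_cipher_list() (reached via set_ciphers) accepts the string."""
    ctx = tls13_only_context()
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL found no TLSv1.2-or-older cipher matching the string.
        return False
    return True


def enabled_by_protocol(cipher_string):
    """Apply cipher_string, then group the ciphers still enabled by protocol."""
    ctx = tls13_only_context()
    ctx.set_ciphers(cipher_string)
    enabled = {}
    for cipher in ctx.get_ciphers():
        enabled.setdefault(cipher["protocol"], []).append(cipher["name"])
    return enabled


if __name__ == "__main__":
    # A TLSv1.3 suite name is not a valid cipher-list entry, so this is rejected.
    print("cipher list accepts TLSv1.3 name:", cipher_list_accepts(TLS13_SUITE))
    # A TLSv1.2 name is accepted, but the TLSv1.3 suites are left untouched.
    for protocol, names in sorted(enabled_by_protocol(TLS12_CIPHER).items()):
        print(protocol, names)
```

      When auditing a deployment, the second result is the one to check: a cipher list that looks restrictive leaves the TLSv1.3 suites at whatever `SSL_CTX_set_ciphersuites()` or the library default selects.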

       


              People

              Assignee:
              adam.cooper Adam Cooper (Inactive)
              Reporter:
              zyyzhao@gmail.com Zhao Yuan