Core Server / SERVER-48774

setting cipher list does not work for TLSv1.3 only (if TLS1_0, TLS1_1, TLS1_2 are disabled)

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 4.7.0
    • Affects Version/s: 4.2.7
    • Component/s: Security
    • None
    • Minor Change
    • ALL
    • Security 2020-07-13, Security 2020-07-27

      In ssl_manager_openssl.cpp, the OpenSSL API SSL_CTX_set_cipher_list() only works for TLSv1.2 and below. 

      If the user configures TLSv1.3 only, SSL_CTX_set_cipher_list() returns 0 and causes an error: "Can not set supported cipher suites: "

      The related API for TLSv1.3 is SSL_CTX_set_ciphersuites().

      Reference: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_cipher_list.html
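
      The behaviour described above can be reproduced without building the server. This is an added example, not code from the ticket or from MongoDB: it uses Python's standard ssl module, whose SSLContext.set_ciphers() calls SSL_CTX_set_cipher_list(), and assumes a Python build linked against OpenSSL 1.1.1 or later. The two cipher names are constructed sample inputs.

```python
import ssl

# Constructed sample inputs (OpenSSL cipher names), not values from the ticket.
TLS12_NAME = "ECDHE-RSA-AES256-GCM-SHA384"   # TLS 1.2 cipher
TLS13_NAME = "TLS_AES_256_GCM_SHA384"        # TLS 1.3 ciphersuite


def tls13_only_context():
    """Server-side context that refuses everything below TLS 1.3."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def cipher_list_accepts(cipher_string):
    """True if SSL_CTX_set_cipher_list() (via set_ciphers) accepts the string."""
    try:
        tls13_only_context().set_ciphers(cipher_string)
    except ssl.SSLError:
        return False
    return True


def tls13_suites(ctx):
    """Names of the TLS 1.3 ciphersuites present in the context's cipher list."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.3"]


def suites_before_and_after_cipher_list(cipher_string):
    """TLS 1.3 suites before and after a successful set_ciphers() call."""
    ctx = tls13_only_context()
    before = tls13_suites(ctx)
    ctx.set_ciphers(cipher_string)
    return before, tls13_suites(ctx)


if __name__ == "__main__":
    print("cipher list accepts", TLS13_NAME, "->", cipher_list_accepts(TLS13_NAME))
    print("cipher list accepts", TLS12_NAME, "->", cipher_list_accepts(TLS12_NAME))
    before, after = suites_before_and_after_cipher_list(TLS12_NAME)
    print("TLS 1.3 suites before:", before)
    print("TLS 1.3 suites after: ", after)
```

      A TLS 1.3 suite name is rejected by the cipher-list call, and a successful cipher-list call leaves the TLS 1.3 suites unchanged, so restricting them requires SSL_CTX_set_ciphersuites().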

       

            Assignee:
            adam.cooper@mongodb.com Adam Cooper (Inactive)
            Reporter:
            zyyzhao@gmail.com Zhao Yuan
            Votes:
            0
            Watchers:
            6
