Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-49079

Emit startup warning if split horizons contain IP addresses

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Fixed
    • Icon: Major - P3 Major - P3
    • 4.8.0
    • None
    • Security
    • None
    • Fully Compatible
    • Security 2020-08-24, Security 2020-09-21, Security 2020-10-05
    • 37

    Description

      Split Horizons rely on SNI to identify which horizon clients are a member of, and should observe topology information from. SNI is defined in RFC6066, which states:

      Currently, the only server names supported are DNS hostnames;
      ...
      Literal IPv4 and IPv6 addresses are not permitted in "HostName".

      Because it is not permissible, by the standard, to advertise IP addresses in the SNI extension, some TLS client implementations have inconsistent behaviour when asked to connect to servers with IP addresses in horizon definitions. The mongo shell, as of SERVER-42287, will refuse to advertise such extensions.

      We should complain, loudly, if horizons are configured like this.

      Attachments

        Activity

          People

            adam.cooper@mongodb.com Adam Cooper (Inactive)
            spencer.jackson@mongodb.com Spencer Jackson
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: