Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-1948

Use Go-native TLS dialer on platforms with openssl 0.9.x

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Critical - P2
    • Resolution: Fixed
    • None
    • 3.7.4, 3.4.15, 3.6.5, 4.0.0-rc0
    • All Tools
    • None

    Description

      Atlas is likely to start offering a TLS 1.2 only mode. This isn't possible with the system openssl on macosx or the openssl with suse11 (or RHEL 5.5). As the openssl wrapper is needed for FIPS support and we don't support FIPS on older versions of openssl anyway, we should implement a Go-native TLS dialer on platforms with 0.9.x.

      We can identify ones that have 'openssl_pre_1.0' as a Go build tag – which we're already asking for in SERVER-32922 for the wrapper. After this change, that build tag will turn off the wrapper and turn on the Go-native TLS dialer.

      The Go-native TLS dialer can likely be adapted from the one that exists for the new Go driver.

      Attachments

        Issue Links

          Activity

            People

              david.golden@mongodb.com David Golden
              david.golden@mongodb.com David Golden
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: