[CDRIVER-2627] Allow TLS 1.1 with LibreSSL Created: 25/Apr/18 Updated: 26/Apr/18 Resolved: 26/Apr/18 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | tls |
| Affects Version/s: | None |
| Fix Version/s: | 1.10.0 |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | A. Jesse Jiryu Davis | Assignee: | A. Jesse Jiryu Davis |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Description |
|
LibreSSL's TLS_PROTOCOLS_DEFAULT is defined to allow TLS 1.2 only, since LibreSSL 2.1.4 in 2015. Let's allow TLS 1.1 as well, consistent with Atlas and other MongoDB products. |
| Comments |
| Comment by A. Jesse Jiryu Davis [ 26/Apr/18 ] |
|
On the recommendation of our security team, we won't introduce pre-TLS 1.2 where it isn't already supported. |