[COMPASS-4599] Convert X509 authentication SSL/TLS settings to the most secure option when possible Created: 02/Feb/21 Updated: 02/Sep/22 Resolved: 02/Sep/22 |
|
| Status: | Closed |
| Project: | Compass |
| Component/s: | Connectivity, Security |
| Affects Version/s: | None |
| Fix Version/s: | No version |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Maurizio Casimirri | Assignee: | Unassigned |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Story Points: | 2 | ||||||||||||||||
| Documentation Changes: | Not Needed | ||||||||||||||||
| Description |
|
The current "backward compatible" conversion from connection model to connection info will add insecure options to the connection string. When safe and possible we want to convert to a more secure connection string, for example with Atlas we know that we can remove tlsAllowInvalidCertificates=true and tlsAllowInvalidHostnames=true and we do not need a CA and "client private key" |
| Comments |
| Comment by Maurizio Casimirri [ 02/Sep/22 ] |
|
Not doing this anymore, customer did not report issues with the transition to new connection models |