Documentation Request Summary:
This change makes NativeTLS the default build mode for OSX binaries. See PM-305 for a full list of the changes this represents including:
- (/)Support for TLS 1.1 and 1.2 (
DOCS-11654)
- Support for Security Keychain and System CA (
DOCS-11426)
Remove of some OpenSSL specific esoteric functionality.
Backwards Breaking Change: Encrypted PEM files are not supported on Apple (lacks ability to decode PEMs encrypted with AES) and Windows (no support at all) (DOCS-11608)
-
- Current Plan Of Record is to advise customers to use certificate selectors as more secure alternative
- On macOS, sslCRLFile is not supported.
Engineering Ticket Description:
Change the macOS SSL and Enterprise builds to use "--ssl-provider=native".
Create an OpenSSL daily build variant to ensure it continues to work.
Scope of changes:
- core/security-encryption-at-rest
- tutoria/configure-encryption
- source/includes/options-conf.yaml
Impact to other docs outside of this product:
MVP:
Resources:
|