[DOCS-12145] Docs for SERVER-37135: TLSVersionCounts needs to track and report TLS 1.3 Created: 15/Oct/18  Updated: 13/Nov/23  Resolved: 05/Dec/19

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: 4.1.4, 3.6.9, 4.0.4, 3.4.24, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task Priority: Major - P3
Reporter: Kay Kim (Inactive) Assignee: Kay Kim (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-37135 TLSVersionCounts needs to track and r... Closed
Participants:
Days since reply: 4 years, 1 day ago
Epic Link: DOCS: 4.2 Server/Tools

 Description   

Description

Description:

sslDisabledProtocols now accepts 'TLS1_3' as a protocol which can be disabled. Not all platforms support TLS 1.3. As yet, only OpenSSL 1.1.1 is able to do so. Setting this value on platforms which do not support TLS 1.3 is a no-op, as TLS 1.3 was already disabled.

Engineering Ticket Description:

ArchLinux has just received packages for OpenSSL 1.1.1, which provides support for TLS 1.3.

ssl_manager_openssl.cpp attempts to increment TLS version counts for TLS 1.3, if it is compiled against a version of OpenSSL which exposes a relevant preprocessor macro. However, TLSVersionCounts is missing the member variable which needs to be incremented.

This causes compilation to fail.

We likely additionally need an "unknown" field. MongoDB binaries compiled against old versions of OpenSSL, but dynamically linked against newer versions may be able to negotiate TLS 1.3 while not having access to compile time constants which identify the protocol.

In order to test this functionality, we will need to add support for TLS 1.3 to be used in tlsDisableProtocols, on platforms that support the protocol

Scope of changes

Just the options since backported. (no specific 4.2 changes)

Impact to Other Docs

none

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)



 Comments   
Comment by Githook User [ 11/Feb/20 ]

Author:

{'username': 'kay-kim', 'name': 'Kay Kim', 'email': 'kay.kim@10gen.com'}

Message: DOCS-12145: update manual for backport to 3.4.24
Branch: v4.2
https://github.com/mongodb/docs/commit/9d66d72bfa75286dd6cff19898347e67a479a592

Comment by Githook User [ 28/Jan/20 ]

Author:

{'email': 'kay.kim@10gen.com', 'name': 'Kay Kim', 'username': 'kay-kim'}

Message: DOCS-12145: update manual for backport to 3.4.24
Branch: v4.2
https://github.com/mongodb/docs/commit/9d66d72bfa75286dd6cff19898347e67a479a592

Comment by Githook User [ 28/Jan/20 ]

Author:

{'email': 'kay.kim@10gen.com', 'username': 'kay-kim', 'name': 'Kay Kim'}

Message: DOCS-12145: update manual for backport to 3.4.24
Branch: master
https://github.com/mongodb/docs/commit/271c26346e034fe326d90cd6fe015bd043c62c48

Comment by Githook User [ 28/Jan/20 ]

Author:

{'email': 'kay.kim@10gen.com', 'username': 'kay-kim', 'name': 'kay'}

Message: DOCS-12145: 3.4.24 allow disabling of tls_1.3
Branch: v3.4
https://github.com/mongodb/docs/commit/f6b112b2a47f4a15de7570bc7e25df286d92da3e

Comment by Githook User [ 04/Dec/19 ]

Author:

{'email': 'kay.kim@10gen.com', 'name': 'kay', 'username': 'kay-kim'}

Message: DOCS-12145: 3.4.24 allow disabling of tls_1.3
Branch: v3.4.24
https://github.com/mongodb/docs/commit/047ea1479476472050a7c85c1820943b3ee8d151

Comment by Kay Kim (Inactive) [ 04/Dec/19 ]

Reopening since backport to 3.4

Comment by Githook User [ 16/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12145: 3.6.9 allow disabling of tls_1.3
Branch: v3.6
https://github.com/mongodb/docs/commit/09bb44679fbb241e4d9b99030f7d2ba11414ca8b

Comment by Githook User [ 08/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12145: 4.0.4 - add mention of 3.6.9
Branch: v4.0
https://github.com/mongodb/docs/commit/3bc2efb5f9da0206b292da6deb6571d3b661ec52

Comment by Githook User [ 08/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12145: 4.0.4 allow disabling of tls_1.3
Branch: v4.0
https://github.com/mongodb/docs/commit/e3d534940acc3cbc46e50b2e1e4c364fcc5b61d4

Comment by Githook User [ 06/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12145: 4.0.4 - add mention of 3.6.9
Branch: master
https://github.com/mongodb/docs/commit/6976d8a2e62ac0c3ede5ab03c521430fc3c5f5bf

Comment by Githook User [ 06/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12145: 4.0.4 - add mention of 3.6.9
Branch: v4.0.4-upcoming
https://github.com/mongodb/docs/commit/27be0341f809923094435818e682857b2b5c7dbe

Comment by Githook User [ 06/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12145: 3.6.9 allow disabling of tls_1.3
Branch: v3.6.9
https://github.com/mongodb/docs/commit/2f9060c564a9ae0956b0643e7745c7eb0d76fc11

Comment by Githook User [ 06/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12145: 4.0.4 allow disabling of tls_1.3
Branch: v4.0.4-upcoming
https://github.com/mongodb/docs/commit/cf72bee82dbf72859fb33a720821f2440159c187

Comment by Githook User [ 06/Nov/18 ]

Author:

{'name': 'kay', 'email': 'kay.kim@10gen.com', 'username': 'kay-kim'}

Message: DOCS-12145: 4.0.4 allow disabling of tls_1.3
Branch: master
https://github.com/mongodb/docs/commit/5a236d3c0e43c148d5666022166a10cfcaa04f2a

Generated at Thu Feb 08 08:04:29 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.