Docs Security Reorg/Rewrite Project (DOCS-5336)

[DOCS-5272] Improve documentation on SSL/TLS Created: 10/Apr/15  Updated: 11/Jan/17  Resolved: 08/May/15

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: 01112017-cleanup

Type: Sub-task Priority: Major - P3
Reporter: James Kerr Assignee: Kay Kim (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to DOCS-4295 Specify SSL/TLS instead of only SSL i... Closed
Participants:
Days since reply: 8 years, 40 weeks, 5 days ago

 Description   

This should probably result in a few DOCS tickets so I'm creating it here.

Our documentation about encryption for in-flight data refers only to SSL. I know that SSL and TLS are often used synonymously but not every one does (because they are not) and there is no mention of TLS in our security documentation. In fact, as I understand it, we have disabled the use of SSLv2 and SSLv3 at the sever level so we are only using TLS 1.0+ for establishing encrypted channels.

I proposed we at least add some detail in our documentation about what SSL/TLS versions are enable/disabled as well as perhaps change references to SSL to TLS/SSL or even just TLS. Right now it takes a lot of digging to determine that we even support TLS 1.2 and I don't think there's anything customer facing that says that. The fact that we use OpenSSL implies it can take a lot of digging for a customer to arrive at that conclusion (or, worst case, not).



 Comments   
Comment by Githook User [ 08/May/15 ]

Author:

{u'username': u'kay-kim', u'name': u'kay', u'email': u'kay.kim@10gen.com'}

Message: DOCS-4295 DOCS-5272 include TLS when mentioning SSL
Branch: master
https://github.com/mongodb/docs/commit/12ef3449ad5cac3528ae57b392366cd636ec00b8

Comment by Githook User [ 08/May/15 ]

Author:

{u'username': u'kay-kim', u'name': u'kay', u'email': u'kay.kim@10gen.com'}

Message: DOCS-4295 DOCS-5272 include TLS when mentioning SSL
Branch: v2.6
https://github.com/mongodb/docs/commit/03adebc8f0191755f5a6163be752ecf9dcbea7a1

Comment by Andreas Nilsson [ 13/Apr/15 ]

I like the suggestions.

We have some other open SSL DOCS tickets as well. I don't think we should keep this one around in the SECURITY project though but keep that for identified security issues.

Generated at Thu Feb 08 07:50:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.