[SERVER-11375] Change the sslMode parameter values Created: 25/Oct/13  Updated: 19/Dec/13  Resolved: 14/Nov/13

Status: Closed
Project: Core Server
Component/s: Networking, Security
Affects Version/s: 2.5.3
Fix Version/s: 2.5.4

Type: Improvement Priority: Major - P3
Reporter: Andreas Nilsson Assignee: Andreas Nilsson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

The current sslMode parameter values are:

noSSL - use unencrypted incoming and outgoing connections
acceptSSL - accept both unencrypted and encrypted connections, connect unencrypted
sendAcceptSSL - accept both unencrypted and encrypted connections, connect encrypted
sslOnly - require SSL

New proposal, change these parameters to:
disabled
allowSSL
preferSSL
requireSSL

with or without the SSL postfixes. Will ponder the change over the weekend.



 Comments   
Comment by Githook User [ 14/Nov/13 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-11375 Change names of sslMode states
Branch: master
https://github.com/mongodb/mongo/commit/8041835681df6b4b7b606aa45f979e274cacbe5d

Comment by Andreas Nilsson [ 06/Nov/13 ]

we need to make a call here for 2.5.4, eliot milkie?

Comment by Eric Milkie [ 25/Oct/13 ]

If I were a user reading through those parameter options, I would have no idea what the difference between allowSSL and preferSSL were.

Comment by Eric Milkie [ 25/Oct/13 ]

I dislike "preferSSL". "preferSSL" literally means "when given a choice of SSL or not, choose SSL. But when SSL is not a valid choice, don't use it". This situation does not apply to the server in any meaningful way.

Generated at Thu Feb 08 03:25:38 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.