[SERVER-19433] ESE usability improvements - configuration options Created: 15/Jul/15  Updated: 19/Sep/15  Resolved: 04/Aug/15

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.1.5
Fix Version/s: 3.1.7

Type: Improvement Priority: Major - P3
Reporter: Robert Guo (Inactive) Assignee: Robert Guo (Inactive)
Resolution: Done Votes: 0
Labels: 32qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-18981 Improve WT datafile detection (for ESE) Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 6 07/17/15, Security 7 08/10/15
Participants:

 Description   
  • Figure out which SSL parameter should be KMIP specific and which should use the generic SSL option. The candidates are:
    • sslFIPSMode
    • sslCAFile
    • sslCRLFile
  • currently the CA file is KMIP specific and the FIPS and CRL options need SSL to be enabled
  • storage engine validation


 Comments   
Comment by Githook User [ 29/Jul/15 ]

Author:

{u'username': u'guoyr', u'name': u'Robert Guo', u'email': u'robert.guo@10gen.com'}

Message: SERVER-19433 Ensure KMIP and SSL configuration compatability
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/c104bc8dbd05afb5ad59c34a89da8959738e04ed

Comment by Githook User [ 29/Jul/15 ]

Author:

{u'username': u'guoyr', u'name': u'Robert Guo', u'email': u'robert.guo@10gen.com'}

Message: SERVER-19433 sslFIPSMode no longer requires requireSSL
Branch: master
https://github.com/mongodb/mongo/commit/5154fad0a86b5be74e8a2808c9a714a6f74b4bfc

Comment by Robert Guo (Inactive) [ 29/Jul/15 ]

decided on not allowing invalidHostName, not allowing CRLFile, and using the global SSL FIPS mode parameter

Generated at Thu Feb 08 03:50:57 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.