[SERVER-28014] When SSL mode is preferSSL, log connections that do not use SSL Created: 15/Feb/17  Updated: 20/Jul/17  Resolved: 21/Mar/17

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 3.2.14, 3.4.4, 3.5.5

Type: Improvement Priority: Major - P3
Reporter: Tom Li Assignee: Samantha Ritter (Inactive)
Resolution: Done Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
related to SERVER-28015 Have SSL connection details in db.cur... Closed
Backwards Compatibility: Fully Compatible
Backport Requested:
v3.4, v3.2, v3.0
Sprint: Platforms 2017-03-27
Participants:
Case:

 Description   

When a client makes a SSL connection to the host, with certificate or not, the client metadata captured in the log does not contain SSL related information, except SERVER-24176 which logs the peersubjectName only when the client has provided a valid certificate. For a MongoDB configurations that allow SSL and non-SSL connections, this is very difficult for admins to identify if a connection from a client is SSL encrypted or not.
It would be very useful to flag the SSL connection details for all types of SSL connections.



 Comments   
Comment by Githook User [ 04/May/17 ]

Author:

{u'username': u'samantharitter', u'name': u'samantharitter', u'email': u'samantha.ritter@10gen.com'}

Message: SERVER-28014 Add logging to expose non-SSL connections when SSL is preferred but not required
Branch: v3.2
https://github.com/mongodb/mongo/commit/4b949cc2b4bfb240f1fc67a500fc86de520fdf06

Comment by Githook User [ 27/Mar/17 ]

Author:

{u'username': u'samantharitter', u'name': u'samantharitter', u'email': u'samantha.ritter@10gen.com'}

Message: SERVER-28014 Add logging to expose non-SSL connections when SSL is preferred but not required

(cherry-picked from commit 0d7ae60a0fafe11d61def67493c26809443e1987)
Branch: v3.4
https://github.com/mongodb/mongo/commit/1845e940fadc5472ba691380815c68549a0ddeb6

Comment by Githook User [ 21/Mar/17 ]

Author:

{u'username': u'samantharitter', u'name': u'samantharitter', u'email': u'samantha.ritter@10gen.com'}

Message: SERVER-28014 Add logging to expose non-SSL connections when SSL is preferred but not required
Branch: master
https://github.com/mongodb/mongo/commit/0d7ae60a0fafe11d61def67493c26809443e1987

Generated at Thu Feb 08 04:16:53 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.