[SERVER-34418] Disable GCM encryption with ESE on OS X with OpenSSL Created: 11/Apr/18 Updated: 29/Oct/23 Resolved: 12/Apr/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 3.6.5, 3.7.4 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Spencer Jackson |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||
| Backport Requested: |
v3.6, v3.4
|
||||||||||||||||||||
| Sprint: | Platforms 2018-04-23 | ||||||||||||||||||||
| Participants: | |||||||||||||||||||||
| Linked BF Score: | 20 | ||||||||||||||||||||
| Description |
|
ESE on OS X has not historically supported AES256-GCM. This is because it used an old version of OpenSSL. Going forward, it's native cryptography will not support GCM. When built with a new copy of OpenSSL, it should continue to not support GCM to maintain compatibility with the native cryptography. |
| Comments |
| Comment by Githook User [ 16/Apr/18 ] |
|
Author: {'name': 'Spencer Jackson', 'email': 'spencer.jackson@mongodb.com', 'username': 'spencerjackson'}Message: (cherry picked from commit 208b4d09ff8f6e8f953c93e648fe7249ecdeaecd) |
| Comment by Githook User [ 12/Apr/18 ] |
|
Author: {'email': 'spencer.jackson@mongodb.com', 'name': 'Spencer Jackson', 'username': 'spencerjackson'}Message: |
| Comment by Spencer Jackson [ 11/Apr/18 ] |
|
CR: https://mongodbcr.appspot.com/196530002/ |