[SERVER-34558] Add SSL_version to client metadata logging Created: 18/Apr/18 Updated: 29/Oct/23 Resolved: 23/Jul/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Diagnostics, Logging, Networking |
| Affects Version/s: | None |
| Fix Version/s: | 3.4.17, 3.6.7, 4.0.2, 4.1.2 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Andrew Davidson | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | safeTLS, security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||||||||||||||
| Backport Requested: |
v4.0, v3.6, v3.4
|
||||||||||||||||||||||||||||
| Sprint: | Platforms 2018-06-04, Platforms 2018-07-16, Platforms 2018-07-30 | ||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||
| Linked BF Score: | 0 | ||||||||||||||||||||||||||||
| Description |
|
Capturing a client's negotiated SSL_version will enable server-side admins to understand with their application stakeholders are ready for server-side configuration changes requiring higher minimum TLS versions. This can be done through a couple of different ways. First, we should record version counters in serverStatus. This will give a quick overview of the TLS ecosystem a server operates in, for humans and for machines. Secondly, the version should be logged, during connection establishment, so a manual inspection will reveal which versions were negotiated by particular IPs. This would preferably be back-ported to 3.2, 3.4, and 3.6 |
| Comments |
| Comment by Githook User [ 07/Aug/18 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: (cherry picked from commit 0c532a429d4e6f1d8473b6b4f04bf21f6b6f76cb) |
| Comment by Githook User [ 31/Jul/18 ] |
|
Author: {'username': 'markbenvenuto', 'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com'}Message: |
| Comment by Githook User [ 27/Jul/18 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: |
| Comment by Githook User [ 26/Jul/18 ] |
|
Author: {'username': 'markbenvenuto', 'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit 0c532a429d4e6f1d8473b6b4f04bf21f6b6f76cb) |
| Comment by Githook User [ 26/Jul/18 ] |
|
Author: {'username': 'markbenvenuto', 'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit 0c532a429d4e6f1d8473b6b4f04bf21f6b6f76cb) |
| Comment by Githook User [ 23/Jul/18 ] |
|
Author: {'username': 'markbenvenuto', 'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com'}Message: |