[SERVER-34558] Add SSL_version to client metadata logging Created: 18/Apr/18  Updated: 29/Oct/23  Resolved: 23/Jul/18

Status: Closed
Project: Core Server
Component/s: Diagnostics, Logging, Networking
Affects Version/s: None
Fix Version/s: 3.4.17, 3.6.7, 4.0.2, 4.1.2

Type: Improvement Priority: Major - P3
Reporter: Andrew Davidson Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: safeTLS, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Documented
is documented by DOCS-12320 Document new serverStatus section Closed
Problem/Incident
Related
related to SERVER-36250 Add support for optionally logging sp... Closed
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.0, v3.6, v3.4
Sprint: Platforms 2018-06-04, Platforms 2018-07-16, Platforms 2018-07-30
Participants:
Linked BF Score: 0

 Description   

Capturing a client's negotiated SSL_version will enable server-side admins to understand with their application stakeholders are ready for server-side configuration changes requiring higher minimum TLS versions.

This can be done through a couple of different ways. First, we should record version counters in serverStatus. This will give a quick overview of the TLS ecosystem a server operates in, for humans and for machines. Secondly, the version should be logged, during connection establishment, so a manual inspection will reveal which versions were negotiated by particular IPs.

This would preferably be back-ported to 3.2, 3.4, and 3.6



 Comments   
Comment by Githook User [ 07/Aug/18 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-34558 Add server status for transport security protocol versions

(cherry picked from commit 0c532a429d4e6f1d8473b6b4f04bf21f6b6f76cb)
Branch: v4.0
https://github.com/mongodb/mongo/commit/21e13158129bbce70bc07fea9f07fee9bf18c88a

Comment by Githook User [ 31/Jul/18 ]

Author:

{'username': 'markbenvenuto', 'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com'}

Message: SERVER-34558 Add server status for transport security protocol versions
Branch: v3.4
https://github.com/mongodb/mongo/commit/5606239eb18216e9b71706cd815827e5b64d8a1e

Comment by Githook User [ 27/Jul/18 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-34558 Add server status for transport security protocol versions
Branch: v3.4
https://github.com/mongodb/mongo/commit/6ab876af14873c6f9619941481391f7a87b62864

Comment by Githook User [ 26/Jul/18 ]

Author:

{'username': 'markbenvenuto', 'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com'}

Message: SERVER-34558 Add server status for transport security protocol versions

(cherry picked from commit 0c532a429d4e6f1d8473b6b4f04bf21f6b6f76cb)
Branch: v3.4
https://github.com/mongodb/mongo/commit/5abce331b6a3c4aa677fea7237dc43f0810eea76

Comment by Githook User [ 26/Jul/18 ]

Author:

{'username': 'markbenvenuto', 'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com'}

Message: SERVER-34558 Add server status for transport security protocol versions

(cherry picked from commit 0c532a429d4e6f1d8473b6b4f04bf21f6b6f76cb)
Branch: v3.6
https://github.com/mongodb/mongo/commit/674203f380bba48ca77b09e73dfc11d6f806f284

Comment by Githook User [ 23/Jul/18 ]

Author:

{'username': 'markbenvenuto', 'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com'}

Message: SERVER-34558 Add server status for transport security protocol versions
Branch: master
https://github.com/mongodb/mongo/commit/0c532a429d4e6f1d8473b6b4f04bf21f6b6f76cb

Generated at Thu Feb 08 04:37:04 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.