[SERVER-36618] Write JS integration tests that validate whichever TLS suites are available on each Evergreen platform Created: 13/Aug/18 Updated: 29/Oct/23 Resolved: 08/Oct/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 4.1.4 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Gregory McKeon (Inactive) | Assignee: | Shreyas Kalyan |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||
| Sprint: | Security 2018-09-24, Security 2018-10-08 | ||||||||||||
| Participants: | |||||||||||||
| Linked BF Score: | 46 | ||||||||||||
| Description |
|
We should write a JSTest which spins up a mongod, connects to it, and extracts information about which TLS protocols/suites are supported. Eventually, we'll want to assert that ECDHE and DHE are supported on all platforms. However, until we get to that point, we should only assert that they're available where they exist today. We should validate that all platforms support TLS 1.1 and TLS 1.2, and do not support TLS 1.0 or below. We should validate that no "weak" ciphers are offered. Amazon Linux 1 will explicitly not be required to support ECDHE, due to its copy of OpenSSL's buildoptions. |
| Comments |
| Comment by Githook User [ 08/Oct/18 ] |
|
Author: {'name': 'Shreyas Kalyan', 'email': 'shreyaskalyan@gmail.com', 'username': 'shreyaskal'}Message: |