[SERVER-36618] Write JS integration tests that validate whichever TLS suites are available on each Evergreen platform Created: 13/Aug/18  Updated: 29/Oct/23  Resolved: 08/Oct/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 4.1.4

Type: Task Priority: Major - P3
Reporter: Gregory McKeon (Inactive) Assignee: Shreyas Kalyan
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Problem/Incident
Related
related to SERVER-37529 Fix SSL test ssl_ECDHE_suites.js on n... Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 2018-09-24, Security 2018-10-08
Participants:
Linked BF Score: 46

 Description   

We should write a JSTest which spins up a mongod, connects to it, and extracts information about which TLS protocols/suites are supported. Eventually, we'll want to assert that ECDHE and DHE are supported on all platforms. However, until we get to that point, we should only assert that they're available where they exist today.

We should validate that all platforms support TLS 1.1 and TLS 1.2, and do not support TLS 1.0 or below.

We should validate that no "weak" ciphers are offered.

Amazon Linux 1 will explicitly not be required to support ECDHE, due to its copy of OpenSSL's buildoptions.



 Comments   
Comment by Githook User [ 08/Oct/18 ]

Author:

{'name': 'Shreyas Kalyan', 'email': 'shreyaskalyan@gmail.com', 'username': 'shreyaskal'}

Message: SERVER-36618 Write JS integration tests that validate whichever TLS suites are available on each Evergreen platform
Branch: master
https://github.com/mongodb/mongo/commit/0169d181bd15057a57616af55838b9e132133dd6

Generated at Thu Feb 08 04:43:38 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.