[SERVER-36619] Test that ECDSA certificates can be loaded by OpenSSL on Linux Created: 13/Aug/18  Updated: 29/Oct/23  Resolved: 05/Nov/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 4.1.5

Type: Task Priority: Major - P3
Reporter: Gregory McKeon (Inactive) Assignee: Patrick Freed
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Sprint: Security 2018-11-05
Participants:

 Description   

ECDHE-based cipher suites tend to be slower than non-Forward Secrecy preserving variants. The mitigation for this is to deploy certificates containing ECDSA keys (preferably themselves signed by a CA with ECDSA). Because ECDSA is significantly faster than RSA, this results in comparable performance.

We should generate an ECDSA certificate with OpenSSL, check it into jstests/libs (with instructions describing how to regenerate it), and write a JSTest which validates that we can use it as a tlsPEMKeyFile. If any platforms fail to load the certificate, we should bake that information into the test.
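
One way to generate such a certificate and sanity-check it before handing it to a server as a tlsPEMKeyFile, as an added example that is not the ticket's or the project's own code. The file names, subject names, P-256 curve and 30-day validity are assumptions.

```shell
# Added example; file names, subjects, curve and lifetime are assumptions.

# gen_ecdsa_pem DIR: build a P-256 ECDSA CA and a server certificate signed by
# it, then write certificate + private key into one combined PEM file.
# Runs in a subshell so the restrictive umask does not leak to the caller.
gen_ecdsa_pem() (
    d="$1"
    umask 077   # private keys must not be group/world readable
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$d/ca.key" 2>/dev/null &&
    openssl req -new -x509 -sha256 -key "$d/ca.key" -days 30 \
        -subj "/CN=Constructed ECDSA Test CA" -out "$d/ca.pem" &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$d/server.key" 2>/dev/null &&
    openssl req -new -sha256 -key "$d/server.key" \
        -subj "/CN=localhost" -out "$d/server.csr" &&
    openssl x509 -req -sha256 -in "$d/server.csr" -CA "$d/ca.pem" \
        -CAkey "$d/ca.key" -CAcreateserial -days 30 \
        -out "$d/server.crt" 2>/dev/null &&
    cat "$d/server.crt" "$d/server.key" > "$d/server.pem"
)

# check_ecdsa_pem PEM CA: succeed only if PEM carries an EC public key, is
# signed with ECDSA, chains to CA, and its private key matches the certificate.
check_ecdsa_pem() {
    pem="$1"; ca="$2"
    text=$(openssl x509 -in "$pem" -noout -text) || return 1
    echo "$text" | grep -q 'Public Key Algorithm: id-ecPublicKey' || return 1
    echo "$text" | grep -q 'Signature Algorithm: ecdsa-with-SHA256' || return 1
    # Feed only the certificate block to verify, not the key that follows it.
    openssl x509 -in "$pem" | openssl verify -CAfile "$ca" >/dev/null 2>&1 \
        || return 1
    # A combined PEM is only usable if the key belongs to the certificate.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Stand-alone use: pass an existing output directory as the first argument.
if [ -n "${1:-}" ]; then
    gen_ecdsa_pem "$1" && check_ecdsa_pem "$1/server.pem" "$1/ca.pem" \
        && echo "ECDSA PEM ok: $1/server.pem"
fi
```

These checks only establish that OpenSSL itself parses the material; whether a given platform's server build loads it is what the JSTest in the ticket is meant to record.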



 Comments   
Comment by Githook User [ 05/Nov/18 ]

Author:

{'name': 'Patrick Freed', 'email': 'patrick.freed@mongodb.com', 'username': 'patrickfreed'}

Message: SERVER-36619 Fix typo in SSL readme
Branch: master
https://github.com/mongodb/mongo/commit/cb794ccb3a3e8d3652ccb0b2be7e9a47ecf92071

Comment by Githook User [ 02/Nov/18 ]

Author:

{'name': 'Patrick Freed', 'email': 'patrick.freed@mongodb.com', 'username': 'patrickfreed'}

Message: SERVER-36619 Test that ECDSA certificates can be loaded by OpenSSL on Linux
Branch: master
https://github.com/mongodb/mongo/commit/d7ac4da9c4167a55040986502af0451736e7f94d

Generated at Thu Feb 08 04:43:38 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.