[SERVER-37130] Add TLS version counting to mongos Created: 13/Sep/18  Updated: 29/Oct/23  Resolved: 11/Oct/18

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 3.4.17, 3.6.8
Fix Version/s: 3.4.18, 3.6.9

Type: Bug Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: safeTLS, security, security-tls
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
is related to SERVER-36250 Add support for optionally logging sp... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v4.0, v3.6, v3.4
Sprint: Security 2018-10-08, Security 2018-10-22
Participants:

 Description   

SERVER-34558 delivered support for counting TLS versions in mongod. Cloud also needs support in mongos.



 Comments   
Comment by Githook User [ 10/Oct/18 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-37130 Add TLS version counting to mongos

(cherry picked from commit 55521fda85e7b4d7b84c62661987e56b29255d17)
Branch: v3.4
https://github.com/mongodb/mongo/commit/b6ab4829e160df1b311b431946392623762ac4b0

Comment by Githook User [ 10/Oct/18 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-37130 Add TLS version counting to mongos
Branch: v3.6
https://github.com/mongodb/mongo/commit/55521fda85e7b4d7b84c62661987e56b29255d17

Comment by Mark Benvenuto [ 20/Sep/18 ]

spencer.jackson

This is the fix for v3.6

diff --git a/src/mongo/SConscript b/src/mongo/SConscript
index 9c340ac2f8..6383dcc193 100644
--- a/src/mongo/SConscript
+++ b/src/mongo/SConscript
@@ -415,6 +415,7 @@ env.Install(
             'util/clock_sources',
             'util/fail_point',
             'util/ntservice',
+            'util/net/ssl_manager_status',
             'util/options_parser/options_parser_init',
             'util/version_impl',
         ]))

Comment by Mark Benvenuto [ 19/Sep/18 ]

I investigated this a little more.

The issue only affects the backports of SERVER-34558 back to v3.6 and v3.4 since the code had to re-organized in the backport which caused the issue.

A new library called ssl_manager_status was created for these branches and this was only linked in to mongod

Generated at Thu Feb 08 04:45:03 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.