[SERVER-38258] Properly separate TLS 1.3 protocol in tls_enumerator.py Created: 27/Nov/18  Updated: 29/Oct/23  Resolved: 29/Nov/18

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.1.6

Type: Bug Priority: Major - P3
Reporter: Patrick Freed Assignee: Patrick Freed
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Security 2018-12-03
Participants:

 Description   

OpenSSL only allows you to explicitly exclude TLS/SSL versions, not enable specific ones. In tls_enumerator.py, we do not exclude TLS 1.3 when probing for suites in other TLS/SSL versions. No errors appear in our current testing suites because none of the testing variants build mongod with TLS 1.3 / OpenSSL 1.1.1 support. Once we introduce a build variant with TLS 1.3 support, build failures will be generated as-is.

To fix this, exclude TLS 1.3 when probing for ciphers in other protocols.



 Comments   
Comment by Githook User [ 29/Nov/18 ]

Author:

{'name': 'Patrick Freed', 'email': 'patrick.freed@mongodb.com', 'username': 'patrickfreed'}

Message: SERVER-38258 Properly separate TLS 1.3 protocol in tls_enumerator.py
Branch: master
https://github.com/mongodb/mongo/commit/53ebb7eb8bef280c5dc189bbb2c162379e7ebd3c

Generated at Thu Feb 08 04:48:25 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.