[SERVER-40393] Disable SSL_MODE_RELEASE_BUFFERS in ASIO Created: 29/Mar/19 Updated: 29/Oct/23 Resolved: 03/Apr/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 3.4.22, 3.6.13, 4.1.10, 4.0.10 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | David Daly | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||
| Backport Requested: |
v4.0, v3.6, v3.4
|
||||||||||||
| Sprint: | Security 2019-04-08 | ||||||||||||
| Participants: | |||||||||||||
| Linked BF Score: | 0 | ||||||||||||
| Description |
|
We should disable the use of SSL_MODE_RELEASE_BUFFERS in ASIO in MongoDB. According to https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_mode.html, SSL_MODE_RELEASE_BUFFERS :
If we have 30k idle connections, that works out to 1 GB of data.
|
| Comments |
| Comment by Githook User [ 05/Jun/19 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: |
| Comment by Githook User [ 14/May/19 ] |
|
Author: {'name': 'Mark Benvenuto', 'username': 'markbenvenuto', 'email': 'mark.benvenuto@mongodb.com'}Message: |
| Comment by Luke Chen [ 11/Apr/19 ] |
|
Fixing up fixversion as this ticket was not included as part of 4.0.9 release. |
| Comment by Githook User [ 08/Apr/19 ] |
|
Author: {'email': 'mark.benvenuto@mongodb.com', 'name': 'Mark Benvenuto', 'username': 'markbenvenuto'}Message: (cherry picked from commit c7476a53ab4e33914217b61c8e81f29b8df09322) |
| Comment by Githook User [ 03/Apr/19 ] |
|
Author: {'name': 'Mark Benvenuto', 'username': 'markbenvenuto', 'email': 'mark.benvenuto@mongodb.com'}Message: |
| Comment by Daniel Pasette (Inactive) [ 29/Mar/19 ] |
|
thanks for pointing this out mark.benvenuto! |