[SERVER-49079] Emit startup warning if split horizons contain IP addresses Created: 24/Jun/20  Updated: 29/Oct/23  Resolved: 23/Sep/20

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 4.8.0

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Adam Cooper (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Gantt Dependency
has to be done before SERVER-50827 Nodes with IP addresses in split hori... Closed
Problem/Incident
Backwards Compatibility: Fully Compatible
Sprint: Security 2020-08-24, Security 2020-09-21, Security 2020-10-05
Participants:
Linked BF Score: 37

 Description   

Split Horizons rely on SNI to identify which horizon clients are a member of, and should observe topology information from. SNI is defined in RFC6066, which states:

Currently, the only server names supported are DNS hostnames;
...
Literal IPv4 and IPv6 addresses are not permitted in "HostName".

Because it is not permissible, by the standard, to advertise IP addresses in the SNI extension, some TLS client implementations have inconsistent behaviour when asked to connect to servers with IP addresses in horizon definitions. The mongo shell, as of SERVER-42287, will refuse to advertise such extensions.

We should complain, loudly, if horizons are configured like this.



 Comments   
Comment by Githook User [ 23/Sep/20 ]

Author:

{'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb.com', 'username': 'super-cooper'}

Message: SERVER-49079 Emit startup warning if split horizons contain IP addresses
Branch: master
https://github.com/mongodb/mongo/commit/0ca11f92c4f2fcd889aa661c6b26b5b3d6765705

Generated at Thu Feb 08 05:18:52 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.