[SERVER-49080] Include TLS SNI extensions advertised by clients in debug logs Created: 24/Jun/20 Updated: 29/Oct/23 Resolved: 30/Jul/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Logging, Security |
| Affects Version/s: | None |
| Fix Version/s: | 4.7.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Gabriel Marks |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Sprint: | Security 2020-08-10 | ||||
| Participants: | |||||
| Case: | (copied to CRM) | ||||
| Description |
|
The TLS SNI extension is advertised by clients, to indicate the server name they believe they are connecting to. Servers are expected to use this information to, for example, select an X.509 certificate with a Subject Alternative Name which it would expect the client to accept. MongoDB uses this information to tweak the topology information advertised in isMaster. It would be useful for debugging to include a client's SNI extension in the debug logs. |
| Comments |
| Comment by Githook User [ 30/Jul/20 ] |
|
Author: {'name': 'Gabriel Marks', 'email': 'gabriel.marks@mongodb.com', 'username': 'marksg07'}Message: |