[SERVER-6641] Ability to configure supported ciphers when using SSL Created: 30/Jul/12  Updated: 11/Jul/16  Resolved: 13/Mar/14

Status: Closed
Project: Core Server
Component/s: Networking, Security
Affects Version/s: 2.0.6
Fix Version/s: 2.5.5

Type: New Feature Priority: Major - P3
Reporter: Kevin Henry Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

64-bit Linux (Centos 6.3)


Issue Links:
Related
is related to SERVER-10520 Add SSL cipher restriction capability Closed
Backwards Compatibility: Fully Compatible
Participants:

 Description   

I am unable to find any way to specify which SSL ciphers to enable/disable. I would like to be able to disable LOW and EXP ciphers on the mongod server when using SSL.

For Example, when mongod is running with ssl enabled on the server host the command

echo "" | openssl s_client -cipher LOW:EXP -port 27017 -host 127.0.0.1

should not return any supported ciphers.



 Comments   
Comment by Andreas Nilsson [ 13/Mar/14 ]

In SERVER-10520 we made the decision to explicitly disallow all SSL ciphers that are considered weak. Specifically we only allow ciphers of strength HIGH and disallow EXP.

I will resolve this ticket since it addressed the same feature request.

Generated at Thu Feb 08 03:12:17 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.