-
Type: Improvement
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: Diagnostics, Logging, Networking
-
Fully Compatible
-
v4.0, v3.6, v3.4
-
Platforms 2018-06-04, Platforms 2018-07-16, Platforms 2018-07-30
-
0
Capturing a client's negotiated SSL_version will enable server-side admins to understand with their application stakeholders are ready for server-side configuration changes requiring higher minimum TLS versions.
This can be done through a couple of different ways. First, we should record version counters in serverStatus. This will give a quick overview of the TLS ecosystem a server operates in, for humans and for machines. Secondly, the version should be logged, during connection establishment, so a manual inspection will reveal which versions were negotiated by particular IPs.
This would preferably be back-ported to 3.2, 3.4, and 3.6
- related to
-
SERVER-36250 Add support for optionally logging specific negotiated TLS versions
- Closed