Linux distros that have been GA for some time, like RHEL 7 and Ubuntu 16.04, had to shoehorn TLS 1.2 support into later OS updates without breaking ABI compatibility.
See RHEL 7 for example.
The way this was done does not allow binaries built against the older ABI to enable automatic curve negotiation for ECDHE ciphers. This affects our "forward compatible" binaries, e.g. one RHEL 7 binary that supports 7.0-7.4. We will need to try to address this by, e.g.:
- Hardcoding some things into MongoDB
- Potentially upgrading our build machines and OS minima to RHEL 7.4
- has to be done before: SERVER-34911 Restrict TLS ciphers supported by servers and clients (Closed)
- is duplicated by: SERVER-36616 Enable ECDHE support if platform supports it (Closed)