Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-37714

Check for and set SSL_OP_NO_RENEGOTIATION

    • Type: Icon: Question Question
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.3.1
    • Affects Version/s: None
    • Component/s: Networking, Security
    • Fully Compatible
    • Security 2019-06-17

      TLS renegotiation is complicated, has been removed from TLS 1.3, and is not supported on the OS X and Windows native cryptography implementations. For consistency going forward, we should disable it on OpenSSL, if we are able to.

      Some versions of OpenSSL define SSL_OP_NO_RENEGOTIATION, which disabled renegotiation on TLS 1.2 and before. If this macro is defined, we should apply it to our SSL_CTX objects with SSL_CTX_set_options.

            Assignee:
            roxane.fruytier@mongodb.com Roxane Fruytier (Inactive)
            Reporter:
            spencer.jackson@mongodb.com Spencer Jackson
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: