Core Server / SERVER-38258

Properly separate TLS 1.3 protocol in tls_enumerator.py

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 4.1.6
    • Affects Version/s: None
    • Component/s: None
    • None
    • Fully Compatible
    • ALL
    • Security 2018-12-03

      OpenSSL only allows you to explicitly exclude TLS/SSL versions, not enable specific ones. In tls_enumerator.py, we do not exclude TLS 1.3 when probing for suites in other TLS/SSL versions. No errors appear in our current testing suites because none of the testing variants build mongod with TLS 1.3 / OpenSSL 1.1.1 support. Once we introduce a build variant with TLS 1.3 support, build failures will be generated as-is.

      To fix this, exclude TLS 1.3 when probing for ciphers in other protocols.

            Assignee: Patrick Freed (patrick.freed@mongodb.com)
            Reporter: Patrick Freed (patrick.freed@mongodb.com)
            Votes: 0
            Watchers: 1

              Created:
              Updated:
              Resolved:
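
The exclusion-only behaviour described in the ticket, as an added Python example (not code from tls_enumerator.py or the MongoDB repository). It uses the standard `ssl` module's `OP_NO_*` options; the function names and the `PRE_TLS13` table are assumptions made for illustration.

```python
import ssl
import warnings

# OpenSSL offers no "enable only X" switch: each version has an option bit that
# turns it off, so isolating one version means setting every other bit.
NO_FLAGS = {
    "SSLv3": ssl.OP_NO_SSLv3,
    "TLSv1": ssl.OP_NO_TLSv1,
    "TLSv1_1": ssl.OP_NO_TLSv1_1,
    "TLSv1_2": ssl.OP_NO_TLSv1_2,
    "TLSv1_3": ssl.OP_NO_TLSv1_3,
}
# Constructed for illustration: an exclusion table written before TLS 1.3.
PRE_TLS13 = {k: v for k, v in NO_FLAGS.items() if k != "TLSv1_3"}


def excluded_versions(target, table=NO_FLAGS):
    """Versions that `table` switches off when probing for `target` only."""
    if target not in table:
        raise ValueError(f"unknown protocol version: {target}")
    return sorted(v for v in table if v != target)


def negotiable(target, table=NO_FLAGS):
    """Versions a `target` probe could still negotiate, assuming the linked
    OpenSSL supports everything listed in NO_FLAGS."""
    return sorted(set(NO_FLAGS) - set(excluded_versions(target, table)))


def context_for_only(target, table=NO_FLAGS):
    """Client context with every version except `target` excluded."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    with warnings.catch_warnings():
        # Newer Python releases warn that OP_NO_* options are deprecated.
        warnings.simplefilter("ignore", DeprecationWarning)
        for version in excluded_versions(target, table):
            ctx.options |= table[version]
    return ctx


if __name__ == "__main__":
    for name, table in (("pre-1.3 table", PRE_TLS13), ("full table", NO_FLAGS)):
        print(name, "-> TLSv1_2 probe can negotiate:", negotiable("TLSv1_2", table))
```

With the pre-1.3 table, a probe meant for TLS 1.2 can still negotiate TLS 1.3 when the build links OpenSSL 1.1.1, so the suites it reports are not attributable to a single protocol.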