-
Type: Bug
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
Fully Compatible
-
ALL
-
Security 2018-12-03
OpenSSL only allows you to explicitly exclude TLS/SSL versions, not enable specific ones. In tls_enumerator.py, we do not exclude TLS 1.3 when probing for suites in other TLS/SSL versions. No errors appear in our current testing suites because none of the testing variants build mongod with TLS 1.3 / OpenSSL 1.1.1 support. Once we introduce a build variant with TLS 1.3 support, build failures will be generated as-is.
To fix this, exclude TLS 1.3 when probing for ciphers in other protocols.