Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
Cheshire-Cat
-
1
Description
Per MB-41794 we're going to make the default minimum level of TLS network encryption to version 1.2 of the protocol, starting in version 7.0 of Couchbase Server once the cluster has been upgraded.
Note that TLS 1.2 is over 12 years old and all major web browsers have already deprecated and removed support for anything lower than ver 1.2 since 2019/2020 as the lower versions are no longer considered to be secure, so this should be very unlikely to affect our customers and there's been industry-wide shift to move to TLS 1.2 and higher.
That said, this change needs to be very clearly described in the release notes for 7.0 as customers will need to ensure that their clients which use TLS encryption support TLS 1.2 or they need to configure the minimum TLS to a lower version, following the steps @ https://docs.couchbase.com/server/current/manage/manage-security/manage-tls.html#set-the-minimum-tls-version
And the documentation on settings TLS versions need to indicate that the default minimum TLS version for clusters is 1.2.
Attachments
Issue Links
- depends on
-
MB-41794 All clusters should default to setting minimum TLS version to TLS 1.2
- Closed