  1. Couchbase Server
  2. MB-41794

All clusters should default to setting minimum TLS version to TLS 1.2

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Cheshire-Cat
    • 7.0.0
    • ns_server
    • None
    • 1

    Description

      When a user configures a new cluster, the minimum TLS version should be set to TLS 1.2.

      From looking at https://en.wikipedia.org/wiki/Transport_Layer_Security :

      "The PCI Council suggested that organizations migrate from TLS 1.0 to TLS 1.1 or higher before June 30, 2018.[24][25] In October 2018, Apple, Google, Microsoft, and Mozilla jointly announced they would deprecate TLS 1.0 and 1.1 in March 2020.[11]"

      Given that an operator can change this, we should be "secure by default" and "force" the operator to explicitly open the door for old and deprecated security layers.

          Activity

            build-team Couchbase Build Team added a comment:
            Build couchbase-server-7.0.0-4486 contains ns_server commit fcc26a6 with commit message:
            MB-41794: Use minimum TLS1.2 by default

            People

              ritam.sharma Ritam Sharma
              trond Trond Norbye