Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-41794

All clusters should default to setting minimum TLS version to TLS 1.2

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Major
    • 7.0.0
    • Cheshire-Cat
    • ns_server
    • None
    • 1

    Description

      When a user configures a new cluster the minimum TLS version should be set to TLS 1.2

      From looking at https://en.wikipedia.org/wiki/Transport_Layer_Security :

      "The PCI Council suggested that organizations migrate from TLS 1.0 to TLS 1.1 or higher before June 30, 2018.[24][25] In October 2018, Apple, Google, Microsoft, and Mozilla jointly announced they would deprecate TLS 1.0 and 1.1 in March 2020.[11]"

      Given that an operator can change this we should be "secure by default" and "force" the operator to explicitly open the door for old and deprecated security layers.

      Attachments

        Issue Links

          blocks

          Improvement - An improvement or enhancement to an existing feature or task. DOC-8206 7.0 Docs - TSL protocol default to 1.2

          • Major - Major loss of function.
          • Resolved
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. MB-30208 Update and normalize security defaults

          • Major - Major loss of function.
          • Open
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              ritam.sharma Ritam Sharma
              trond Trond Norbye
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty