TLS Diffie Hellman key exchange

[Gijs Van Laer]

Hi,

I was trying to configure my mongoDB server using a different TLS protocol than the default AES_256_GCM_SHA384 that you get when following the instructions outlined in the mongoDB documentation: https://docs.mongodb.com/v3.2/tutorial/configure-ssl

The protocol I would preferably like to use is one of the following:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Anyone an idea if MongoDB supports any of these, and if so, how to configure it?

Thanks!

[Stephen Steneker]

Hi Gijs,

I noticed this question was also cross-posted to the mongodb-dev list (https://groups.google.com/forum/#!topic/mongodb-dev/ACcDSVE4B6Q) which resulted in an improvement request: SERVER-24897: Configure Diffie-Hellman parameters for OpenSSL.

Thanks for the suggestion! If anyone else is interested in this improvement, please upvote/watch SERVER-24897.

Regards,

Stephen