diff options
author | Sara Golemon <sara.golemon@mongodb.com> | 2018-12-05 19:35:18 +0000 |
---|---|---|
committer | Sara Golemon <sara.golemon@mongodb.com> | 2018-12-05 19:35:55 +0000 |
commit | 1af2751f9d17ab303043dfa81d9485b4110845ec (patch) | |
tree | 945b7bcb8c7a6cd7ec09f49ea9f9e71a6412e66c /src/mongo/util/net/ssl_options_server.cpp | |
parent | 5097d5ad8d1eeedb78b9500fb4bda40a7666617e (diff) | |
download | mongo-1af2751f9d17ab303043dfa81d9485b4110845ec.tar.gz |
Revert "SERVER-38281 Defer TLS-1.0 auto disable warning till log startup"
This reverts commit e0932edfcb5704629421b5cf6cfc5457c70f0d6e.
Diffstat (limited to 'src/mongo/util/net/ssl_options_server.cpp')
-rw-r--r-- | src/mongo/util/net/ssl_options_server.cpp | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/src/mongo/util/net/ssl_options_server.cpp b/src/mongo/util/net/ssl_options_server.cpp index 335e2daba6c..24d5c2a10da 100644 --- a/src/mongo/util/net/ssl_options_server.cpp +++ b/src/mongo/util/net/ssl_options_server.cpp @@ -83,8 +83,6 @@ Status storeTLSLogVersion(const std::string& loggedProtocols) { namespace { -bool gImplicitDisableTLS10 = false; - // storeSSLServerOptions depends on serverGlobalParams.clusterAuthMode // and IDL based storage actions, and therefore must run later. MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) { @@ -163,7 +161,8 @@ MONGO_STARTUP_OPTIONS_POST(SSLServerOptions)(InitializerContext*) { * old version of OpenSSL (pre 1.0.0l) * which does not support TLS 1.1 or later. */ - gImplicitDisableTLS10 = true; + log() << "Automatically disabling TLS 1.0, to force-enable TLS 1.0 " + "specify --sslDisabledProtocols 'none'"; sslGlobalParams.sslDisabledProtocols.push_back(SSLParams::Protocols::TLS1_0); #endif } @@ -313,17 +312,5 @@ MONGO_STARTUP_OPTIONS_VALIDATE(SSLServerOptions)(InitializerContext*) { return Status::OK(); } -// This warning must be deferred until after -// ServerLogRedirection has started up so that -// it goes to the right place. -MONGO_INITIALIZER_WITH_PREREQUISITES(ImplicitDisableTLS10Warning, ("ServerLogRedirection")) -(InitializerContext*) { - if (gImplicitDisableTLS10) { - log() << "Automatically disabling TLS 1.0, to force-enable TLS 1.0 " - "specify --sslDisabledProtocols 'none'"; - } - return Status::OK(); -} - } // namespace } // namespace mongo |