SCRAM-SHA-256 (and more)

10gen / mongo-orchestration

Apache License 2.0

7 stars 11 forks source link

SCRAM-SHA-256 (and more) #260

Closed Neustradamus closed 4 years ago

Neustradamus commented 5 years ago

Ready for SCRAM-SHA-256 (and more)?

ShaneHarvey commented 5 years ago

Can you elaborate what the issue is?

behackett commented 5 years ago

mongo-orchestration is built on top of PyMongo, which already supports SCRAM-SHA-256.

Neustradamus commented 5 years ago

In the code, there is only SCRAM-SHA-1:

https://github.com/10gen/mongo-orchestration/blob/master/mongo_orchestration/sharded_clusters.py
https://github.com/10gen/mongo-orchestration/blob/master/mongo_orchestration/common.py

behackett commented 5 years ago

I see. I think we can remove those restrictions now. We currently restrict mongo-orchestration to PyMongo <3.6 for reasons that were resolved some time ago. 3.7 added SCRAM-SHA-256. That said, there are no known security issues with SCRAM-SHA-1. Using SHA-1 in SCRAM is not even remotely the same as signing TLS certs with SHA-1.

Neustradamus commented 5 years ago

@behackett: Any news?