This is your weekly summary of Compose news for those changes and updates which can make your life easier. In this edition, we remind you about the 1st of March TLS 1.0/1.1 removal and review the past week of Compose Articles.
An update on TLS and Compose
We're removing support for older versions of TLS, also known as SSL (the protocol that TLS replaced), on the 1st of March. This removal, as announced at the end of November 2017, is designed to improve the security of your database and API services. As we're getting closer to the removal date, we're also announcing some nuances to our plans on a per database basis.
Most databases on Compose have HAproxy based portals which manage the incoming TLS connection. On March 1st we'll be reconfiguring them to only accept TLS 1.2. This change should not be noticeable by any up-to-date stack as TLS 1.2 was introduced in 2008.
When a secure connection is being made, the two ends of the connection start with the highest available TLS version they know and begin negotiating and falling back versions. So, with TLS 1.2 at both ends of the connection there should be no falling back needed. Where a client doesn't have TLS 1.2, it will ask to fall back but find nothing to fall back to and the connection will end. That, in turn, means any issues should be found as soon as a client application tried to connect.
We'll have an article soon which will cover ways you can see if your database drivers are TLS 1.2 capable.
There are two exceptions to the plans currently:
PostgreSQL: Compose PostgreSQL uses a passthrough HAproxy connection allowing the database to handle the TLS connection directly. This means, though, that removing TLS 1.0 and 1.1 would require a full database restart. To allow you to maintain control of when that restart happens, we are planning to incorporate the TLS 1.0/1.1 removal in future PostgreSQL update made available after March 1st.
Compose for MySQL Beta: Compose for MySQL Beta also uses a passthough HAproxy connection that allows the database to handle TLS connections directly. Unlike PostgreSQL, some engineering will be required to enable TLS 1.2 for Compose for MySQL Beta. We aim to enable TLS 1.2 and disable TLS 1.0/1.1 before the product leaves beta.
In the past week, we talked containers with Kelsey Hightower, looked at Python connections to Compose databases in the Grand Tour and, in NewBits, we looked at the latest Mongoose.
- Tying up with the New Builder's Podcast, Kubernetes guru Kelsey Hightower talked with Compose's JP Phillips about all things containers and Kubernetes. Check it out in Containerizing All The Things?.
- Write Python? Want to connect to MongoDB, Elasticsearch or PostgreSQL? Then the Grand Tour Python and Compose - MongoDB, Elasticsearch and PostgreSQL is for you. The Compose Grand Tour takes its example driven goodness to Pythonic places with more to come next week.
- Mongoose 5.0 for MongoDB, new GraphQL tools, fresh JDBC drivers for PostgreSQL and lost more in NewsBits, Compose's Friday roundup of news from around the world of databases, cloud and development.
That's it for this week's Noteworthy at Compose. Onwards to next week!
Read more articles about Compose databases - use our Curated Collections Guide for articles on each database type. If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at firstname.lastname@example.org. We're happy to hear from you.