Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 2.7.0
Affects Version/s: None
Component/s: Configuration, Security
Labels:
None

Case:

The C# Driver currently enables certificate revocation checking by default (https://github.com/mongodb/mongo-csharp-driver/blob/ec74978f7e827515f29cc96fba0c727828e8df7c/src/MongoDB.Driver.Core/Core/Configuration/SslStreamSettings.cs#L53), in contrast to the shell and the Python driver. This is also in contrast to .NET's defaults for SslStream (see https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream.authenticateasclient?view=netframework-4.7.2#System_Net_Security_SslStream_AuthenticateAsClient_System_String_ and https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream.authenticateasclient?view=netstandard-2.0#System_Net_Security_SslStream_AuthenticateAsClient_System_String_

We should consider changing this default. However, clearly, there are potential security concerns for users relying on the default setting.

related to

CSHARP-2278 Update SSL Documentation regarding default certificate revocation checking behavior

Closed

Assignee:: Unassigned

Reporter:: Vincent Kam (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: May 25 2018 02:29:14 PM UTC

Updated:: Oct 28 2023 11:49:02 AM UTC

Resolved:: Jun 25 2018 04:56:43 PM UTC