-
Type: Improvement
-
Resolution: Won't Fix
-
Priority: Unknown
-
None
-
Affects Version/s: None
-
Component/s: Configuration, Security
-
None
It's a continuing problem for users that older driver releases default to enabling of certificate revocation checking by default.
This ticket is intended to track the work to backport the change made in the 2.7.0 release in scope of CSHARP-2279 to earlier releases of the driver.
While it's unusual to change defaults like this in a patch release, especially around security, in practice this might be the least of evils, as it's causing continuing pain whenever LetsEncrypt has an outage. As of today, LetsEncrypt has had 21 service disruptions YTD.
One open question is how many releases to backport the change to. The setting, defaulting to true, was introduced all the way back in the 1.8 release (9 years ago)