Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2507

Permit tlsDisableOCSPEndpointCheck in KMS TLS options

XMLWordPrintableJSON

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Unknown Unknown
    • None
    • Component/s: Client Side Encryption
    • None
    • Needed
    • Hide
      • Permit the "tlsDisableOCSPEndpointCheck" in KMS TLS options
        • This may not be applicable if the driver does not support the option
      • Implement prose test to validate the change.

      See the specification and prose test here: https://github.com/mongodb/specifications/commit/eec11c2e9b200a331df8d7a074dbc94714d2ddd7

      Show
      Permit the "tlsDisableOCSPEndpointCheck" in KMS TLS options This may not be applicable if the driver does not support the option Implement prose test to validate the change. See the specification and prose test here: https://github.com/mongodb/specifications/commit/eec11c2e9b200a331df8d7a074dbc94714d2ddd7
    • $i18n.getText("admin.common.words.hide")
      Key Status/Resolution FixVersion
      CDRIVER-4528 Fixed 1.24.0
      CXX-2615 Backlog
      CSHARP-4433 Works as Designed
      GODRIVER-2664 Backlog
      JAVA-4818 Won't Do
      NODE-4840 Won't Do
      MOTOR-1069 Duplicate
      PYTHON-3533 Fixed 4.4
      PHPC-2188 Fixed 1.16.0
      RUBY-3187 Fixed 2.19.0, 2.18.2
      RUST-1549 Won't Do
      SWIFT-1681 Won't Do
      $i18n.getText("admin.common.words.show")
      #scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion CDRIVER-4528 Fixed 1.24.0 CXX-2615 Backlog CSHARP-4433 Works as Designed GODRIVER-2664 Backlog JAVA-4818 Won't Do NODE-4840 Won't Do MOTOR-1069 Duplicate PYTHON-3533 Fixed 4.4 PHPC-2188 Fixed 1.16.0 RUBY-3187 Fixed 2.19.0, 2.18.2 RUST-1549 Won't Do SWIFT-1681 Won't Do

      Summary

      Permit tlsDisableOCSPEndpointCheck in KMS TLS options

      Motivation

      The Client-Side Encryption specification currently suggests drivers to raise an error if insecure TLS options are set.

      The rationale is to avoid enabling insecure settings when using CSFLE.

      Who is the affected end user?

      Users of CSFLE experiencing timeouts due to slow OCSP checks.

      How does this affect the end user?

      Users may get errors during CSFLE operations requiring KMS.

      How likely is it that this problem or use case will occur?

      Not sure. There is only one known user report of this issue.

      If the problem does occur, what are the consequences and how severe are they?

      Unable to complete CSFLE operations.

      Is this issue urgent?

      Not sure.

      Is this ticket required by a downstream team?

      No.

      Is this ticket only for tests?

      No.

            Assignee:
            kevin.albertson@mongodb.com Kevin Albertson
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: