As of server 2.3.2, the server can validate SSL certificates on connect. This means that if you are using SSL and your client presents a certificate, it will be validated by the server. Also, the client can validate the server's certificate.
Note that the support for limiting the encryption ciphers has been pushed to 2.6. The spec labels as-of-yet unimplemented features as "not for 2.4".
The spec is targeted for completion in version 2.6.
I've tested certificate validation using the mongo shell and using the C++ driver, but I'd like to get some other driver tests in as well.
Currently we have only committed to Java and C# support, but other drivers should support this as time permits.
- depends on
-
RUBY-565 Support for SSL Certification Validation
-
- Closed
-
-
CSHARP-658 Add support for sending Client SSL certificates
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
CDRIVER-215 SSL certificate validation testing
-
- Closed
-
-
RUST-160 SSL certificate validation testing
-
- Closed
-
- is related to
-
-
- Closed
-
-
-
- Closed
-
- related to
-
-
- Closed
-
-
-
- Closed
-