C Driver / CDRIVER-4530

Support Non-RSA Certificates for TLS on Windows


Details

    • Improvement
    • Resolution: Unresolved
    • Major - P3
    • tls

    Description

      The C Driver's current implementation of SSL/TLS connections on Windows (aka "winssl") uses the Secure Channel library. Specifically, the implementation primarily uses utilities provided by wincrypt.h (aka "CryptoAPI").

      However, on top of being deprecated in favor of new Cryptography API: Next Generation (aka "CNG") utilities, they do not support elliptic curve cryptography. This blocked an attempt to update test certificates from RSA to ECC to address the removal of insecure ciphers in Python 3.10 (see CDRIVER-4519).

      The C Driver's implementation of TLS connection handlers on Windows must be refactored to use utilities provided by bcrypt.h and/or ncrypt.h in order to support certificates using non-RSA signature algorithms.

          People

            Unassigned
            ezra.chung@mongodb.com Ezra Chung