Support TLS v1.3 in Secure Channel

XMLWordPrintableJSON

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Unknown
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • None
    • C Drivers
    • None
    • None
    • None
    • None
    • None
    • None

      Enable TLS 1.3 in the C driver when using Windows Secure Channel as the TLS implementation (default on Windows).

      Background & Motivation

      The Windows Secure Channel TLS implementation does not enable TLS 1.3.

      Windows server 2022 supports TLS 1.3.

      libcurl may help as reference. From experimenting, it appears two changes are needed:

      • Handle renegotiation (currently does nothing?).
      • Switch from SCHANNEL_CRED to SCH_CREDENTIALS.

      The MongoDB server does not yet support TLS v1.3 on Windows (SERVER-98279). But I expect supporting TLS v1.3 will improve the security posture, and may be a future need if users that disable older TLS protocols.

              Assignee:
              Unassigned
              Reporter:
              Kevin Albertson
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: