Uploaded image for project: 'C# Driver'
  1. C# Driver
  2. CSHARP-3692

Backport disabling of certificate revocation checking by default

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Icon: Unknown Unknown
    • None
    • None
    • Configuration, Security
    • None

    Description

      It's a continuing problem for users that older driver releases default to enabling of certificate revocation checking by default.

      This ticket is intended to track the work to backport the change made in the 2.7.0 release in scope of CSHARP-2279 to earlier releases of the driver.

      While it's unusual to change defaults like this in a patch release, especially around security, in practice this might be the least of evils, as it's causing continuing pain whenever LetsEncrypt has an outage. As of today, LetsEncrypt has had 21 service disruptions YTD.

      One open question is how many releases to backport the change to. The setting, defaulting to true, was introduced all the way back in the 1.8 release (9 years ago)

      Attachments

        Activity

          People

            rachelle.palmer@mongodb.com Rachelle Palmer
            jeff.yemin@mongodb.com Jeffrey Yemin
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: