[CDRIVER-2545] Make Secure Transport the default on macOS and SChannel the default on Windows Created: 13/Mar/18  Updated: 28/Oct/23  Resolved: 15/Apr/18

Status: Closed
Project: C Driver
Component/s: Build, tls
Affects Version/s: None
Fix Version/s: 1.10.0

Type: Improvement Priority: Major - P3
Reporter: A. Jesse Jiryu Davis Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by CDRIVER-1121 Default to Native TLS Implementations Closed
Related
is related to PHPC-1156 Default to Secure Transport on macOS ... Closed
Backwards Compatibility: Major Change

 Description   

Before, I was afraid to break compatibility for people accustomed to our build systems' default behavior: build with OpenSSL if possible, even on macOS where a better alternative is always available. There's growing pressure to require TLS 1.1, however, which isn't supported by the OpenSSLs that old macOS shipped. Let's switch the default in the CMake build system and make Secure Transport the default on macOS.



 Comments   
Comment by Githook User [ 15/Apr/18 ]

Author:

{'name': 'A. Jesse Jiryu Davis', 'email': 'jesse@mongodb.com', 'username': 'ajdavis'}

Message: CDRIVER-2545 use native TLS by default

The driver now uses Windows or Mac native TLS by default, instead of
searching for OpenSSL. Override with cmake -DENABLE_SSL=OPENSSL.
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/01f20552abdf54ae48d6b570989e18966a8a639d

Comment by Jeremy Mikola [ 12/Apr/18 ]

This coincides nicely with a change we're making in PHPC-1156 for bundled versions of libmongoc.

Comment by Bernie Hackett [ 13/Mar/18 ]

I agree. The main thing we want to avoid is developers trying out Atlas being unable to do so because of TLS issues.

Comment by A. Jesse Jiryu Davis [ 13/Mar/18 ]

Right, that's my thinking.

Comment by Jeremy Mikola [ 13/Mar/18 ]

I assume CDRIVER-1409 is still not a concern, since we expect macOS to primarily be used for development environments and not production?

Comment by A. Jesse Jiryu Davis [ 13/Mar/18 ]

Update mongoc_ssl_opt_t.rst.

Generated at Wed Feb 07 21:15:33 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.