[CSHARP-2279] Disable certificate revocation checking by default Created: 25/May/18  Updated: 28/Oct/23  Resolved: 25/Jun/18

Status: Closed
Project: C# Driver
Component/s: Configuration, Security
Affects Version/s: None
Fix Version/s: 2.7.0

Type: Improvement Priority: Major - P3
Reporter: Vincent Kam (Inactive) Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to CSHARP-2278 Update SSL Documentation regarding de... Backlog
Case:

 Description   

The C# Driver currently enables certificate revocation checking by default (https://github.com/mongodb/mongo-csharp-driver/blob/ec74978f7e827515f29cc96fba0c727828e8df7c/src/MongoDB.Driver.Core/Core/Configuration/SslStreamSettings.cs#L53), in contrast to the shell and the Python driver. This is also in contrast to .NET's defaults for SslStream (see https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream.authenticateasclient?view=netframework-4.7.2#System_Net_Security_SslStream_AuthenticateAsClient_System_String_ and https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream.authenticateasclient?view=netstandard-2.0#System_Net_Security_SslStream_AuthenticateAsClient_System_String_ 

We should consider changing this default. However, clearly, there are potential security concerns for users relying on the default setting.



 Comments   
Comment by Githook User [ 25/Jun/18 ]

Author:

{'username': 'vincentkam', 'name': 'vincentkam', 'email': 'vincent.kam@10gen.com'}

Message: CSHARP-2279: Disable certificate revocation checking by default
Branch: master
https://github.com/mongodb/mongo-csharp-driver/commit/14e046f23640ff9257c4edf53065b9a6768254d4

Generated at Wed Feb 07 21:42:06 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.