[CSHARP-3692] Backport disabling of certificate revocation checking by default Created: 27/May/21 Updated: 28/May/21 Resolved: 28/May/21 |
|
| Status: | Closed |
| Project: | C# Driver |
| Component/s: | Configuration, Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Unknown |
| Reporter: | Jeffrey Yemin | Assignee: | Rachelle Palmer |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
It's a continuing problem for users that older driver releases default to enabling certificate revocation checking. This ticket is intended to track the work to backport the change made in the 2.7.0 release in scope of While it's unusual to change defaults like this in a patch release, especially around security, in practice this might be the least of evils, as it's causing continuing pain whenever LetsEncrypt has an outage. As of today, LetsEncrypt has had 21 service disruptions YTD. One open question is how many releases to backport the change to. The setting, defaulting to true, was introduced all the way back in the 1.8 release (9 years ago). |
| Comments |
| Comment by Rachelle Palmer [ 28/May/21 ] | |||||||||||
|
We have decided not to fix this issue by making it available in older versions of the driver, as there is a fairly trivial workaround outlined below. However, we encourage all users to avoid any impact on application availability and upgrade your MongoDB .NET driver to version 2.7 or newer when possible. If you cannot upgrade to the .NET driver version 2.7 or later, the same behavior can be achieved with the instructions below:

For .NET driver versions >=1.8 but < 2.0, the fix looks like this:
For .NET driver versions 2.0 through 2.6.1, the fix looks like this:
|
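The snippets from the comment above did not survive in this export. As an added example (not the code from the ticket or from the driver team), this is one way to turn off revocation checking on a 2.x driver older than 2.7 through `SslSettings.CheckCertificateRevocation`; the host name and the `RevocationWorkaround` class are constructed placeholders.

```csharp
using System;
using MongoDB.Driver;

public static class RevocationWorkaround
{
    // Builds client settings with TLS still enabled and only the
    // revocation (CRL/OCSP) lookup switched off.
    public static MongoClientSettings Build(string connectionString)
    {
        var settings = MongoClientSettings.FromUrl(new MongoUrl(connectionString));

        // Keep TLS on: this workaround changes revocation checking only.
        settings.UseSsl = true;

        // Clone any existing SslSettings so client certificates and
        // protocol choices already configured are not lost.
        var ssl = settings.SslSettings != null
            ? settings.SslSettings.Clone()
            : new SslSettings();

        // Drivers before 2.7 default this to true, so an outage at the
        // CA's revocation endpoint can fail the TLS handshake.
        // Trade-off: with false, a revoked server certificate is still
        // accepted until it expires. Chain and host name validation are
        // unaffected; do not set VerifySslCertificate = false for this.
        ssl.CheckCertificateRevocation = false;
        settings.SslSettings = ssl;

        return settings;
    }

    public static void Main()
    {
        // Constructed placeholder host, not taken from the ticket.
        var settings = Build("mongodb://mongodb.example.net:27017/?ssl=true");
        var client = new MongoClient(settings);

        // Confirm what the client will actually use.
        Console.WriteLine("UseSsl = {0}", client.Settings.UseSsl);
        Console.WriteLine("CheckCertificateRevocation = {0}",
            client.Settings.SslSettings.CheckCertificateRevocation);
    }
}
```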