[SERVER-11601] SSL server hostname validation should use unicode canonicalization NFC Created: 06/Nov/13  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.3
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Andreas Nilsson Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-10897 User and role names should be canonic... Backlog
Assigned Teams:
Server Security
Participants:

 Description   

NFC Unicode Canonicalization should be used when comparing hostnames with certificate properties in the hostname validation code in the SSL engine for the shell and C++ driver. See http://tools.ietf.org/html/rfc5891 and http://www.ietf.org/rfc/rfc4343.txt

This will be a joint effort with implementing NFC for username, passwords etc.


Generated at Thu Feb 08 03:26:16 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.