[SERVER-11601] SSL server hostname validation should use unicode canonicalization NFC Created: 06/Nov/13 Updated: 06/Dec/22 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.5.3 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Andreas Nilsson | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Assigned Teams: |
Server Security
|
||||||||
| Participants: | |||||||||
| Description |
|
NFC Unicode Canonicalization should be used when comparing hostnames with certificate properties in the hostname validation code in the SSL engine for the shell and C++ driver. See http://tools.ietf.org/html/rfc5891 and http://www.ietf.org/rfc/rfc4343.txt This will be a joint effort with implementing NFC for username, passwords etc. |