<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:25:45 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-2507] Permit tlsDisableOCSPEndpointCheck in KMS TLS options</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-2507</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;div class=&quot;panel&quot; style=&quot;background-color: #fafbfc;border-color: #21313c;border-style: solid;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelContent&quot; style=&quot;background-color: #fafbfc;&quot;&gt;
&lt;h3&gt;&lt;a name=&quot;Summary&quot;&gt;&lt;/a&gt;&lt;b&gt;Summary&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;Permit tlsDisableOCSPEndpointCheck in KMS TLS options&lt;/p&gt;

&lt;h3&gt;&lt;a name=&quot;Motivation&quot;&gt;&lt;/a&gt;&lt;b&gt;Motivation&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;The &lt;a href=&quot;https://github.com/mongodb/specifications/blob/64cf83b604107edffe9f75eb91b0690d5daa8b7c/source/client-side-encryption/client-side-encryption.rst#kms-provider-tls-options&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Client-Side Encryption specification&lt;/a&gt; currently suggests drivers to raise an error if insecure TLS options are set.&lt;/p&gt;

&lt;p&gt;The rationale is to avoid enabling insecure settings when using CSFLE.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Whoistheaffectedenduser%3F&quot;&gt;&lt;/a&gt;Who is the affected end user?&lt;/h4&gt;
&lt;p&gt;Users of CSFLE experiencing timeouts due to slow OCSP checks.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Howdoesthisaffecttheenduser%3F&quot;&gt;&lt;/a&gt;How does this affect the end user?&lt;/h4&gt;
&lt;p&gt;Users may get errors during CSFLE operations requiring KMS.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Howlikelyisitthatthisproblemorusecasewilloccur%3F&quot;&gt;&lt;/a&gt;How likely is it that this problem or use case will occur?&lt;/h4&gt;
&lt;p&gt;Not sure. There is only one known user report of this issue.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Iftheproblemdoesoccur%2Cwhataretheconsequencesandhowseverearethey%3F&quot;&gt;&lt;/a&gt;If the problem does occur, what are the consequences and how severe are they?&lt;/h4&gt;
&lt;p&gt;Unable to complete CSFLE operations.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisissueurgent%3F&quot;&gt;&lt;/a&gt;Is this issue urgent?&lt;/h4&gt;
&lt;p&gt;Not sure.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketrequiredbyadownstreamteam%3F&quot;&gt;&lt;/a&gt;Is this ticket required by a downstream team?&lt;/h4&gt;
&lt;p&gt;No.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketonlyfortests%3F&quot;&gt;&lt;/a&gt;Is this ticket only for tests?&lt;/h4&gt;
&lt;p&gt;No.&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="2192480">DRIVERS-2507</key>
            <summary>Permit tlsDisableOCSPEndpointCheck in KMS TLS options</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="13453" iconUrl="https://jira.mongodb.org/images/icons/status_generic.gif" description="">Implementing</status>
                    <statusCategory id="4" key="indeterminate" colorName="inprogress"/>
                                    <resolution id="-1">Unresolved</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="kevin.albertson@mongodb.com">Kevin Albertson</reporter>
                        <labels>
                    </labels>
                <created>Tue, 22 Nov 2022 19:51:03 +0000</created>
                <updated>Tue, 6 Dec 2022 13:33:45 +0000</updated>
                                                                <component>Client Side Encryption</component>
                                        <votes>2</votes>
                                    <watches>5</watches>
                                                                                                                <comments>
                            <comment id="5032055" author="JIRAUSER1264020" created="Tue, 6 Dec 2022 01:45:23 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=kevin.albertson%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;kevin.albertson@mongodb.com&quot;&gt;kevin.albertson@mongodb.com&lt;/a&gt;&#160;&lt;/p&gt;

&lt;p&gt;May I know if we can have a schedule to share with customer when will this ticket completed so they can test the code change? Thanks.&lt;/p&gt;</comment>
                            <comment id="5031007" author="xgen-internal-githook" created="Mon, 5 Dec 2022 19:27:53 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2507&quot; title=&quot;Permit tlsDisableOCSPEndpointCheck in KMS TLS options&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2507&quot;&gt;DRIVERS-2507&lt;/a&gt; Permit `tlsDisableOCSPEndpointCheck` in KMS TLS options (#1354)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2507&quot; title=&quot;Permit tlsDisableOCSPEndpointCheck in KMS TLS options&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2507&quot;&gt;DRIVERS-2507&lt;/a&gt; Permit `tlsDisableOCSPEndpointCheck` in KMS TLS options&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;add test for `tlsDisableOCSPEndpointCheck`&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/specifications/commit/eec11c2e9b200a331df8d7a074dbc94714d2ddd7&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/eec11c2e9b200a331df8d7a074dbc94714d2ddd7&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="5025020" author="kevin.albertson" created="Fri, 2 Dec 2022 13:36:50 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=prince.bhardwaj%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;prince.bhardwaj@mongodb.com&quot;&gt;prince.bhardwaj@mongodb.com&lt;/a&gt; drivers are recommended to cache OCSP responses: &lt;a href=&quot;https://github.com/mongodb/specifications/blob/735a667672c758617821e3c5dda99c551e007375/source/ocsp-support/ocsp-support.rst#suggested-ocsp-caching-behavior&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/blob/735a667672c758617821e3c5dda99c551e007375/source/ocsp-support/ocsp-support.rst#suggested-ocsp-caching-behavior&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5024436" author="JIRAUSER1263297" created="Fri, 2 Dec 2022 06:33:27 +0000"  >&lt;p&gt;Hello &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=kenneth.white%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;kenneth.white@mongodb.com&quot;&gt;kenneth.white@mongodb.com&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;We got a suggestion from customer in regards to Permit tlsDisableOCSPEndpointCheck in KMS TLS options that &#160;instead of option to disable the validation enitrely adding a cache at the Driver layer can help in this?&lt;/p&gt;

&lt;p&gt;Please let us know if that can be done.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10620">
                    <name>Issue split</name>
                                            <outwardlinks description="split to">
                                        <issuelink>
            <issuekey id="2195677">PYTHON-3533</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2195671">CXX-2615</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2195673">GODRIVER-2664</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2195675">NODE-4840</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2195680">RUST-1549</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2195670">CDRIVER-4528</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2195672">CSHARP-4433</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2195674">JAVA-4818</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2195676">MOTOR-1069</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2195678">PHPC-2188</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2195679">RUBY-3187</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                            <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5006R00001nq24KQAQ]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;ul&gt;
	&lt;li&gt;Permit the &quot;tlsDisableOCSPEndpointCheck&quot; in KMS TLS options&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;
	&lt;ul&gt;
		&lt;li&gt;This may not be applicable if the driver does not support the option&lt;/li&gt;
	&lt;/ul&gt;
	&lt;/li&gt;
	&lt;li&gt;Implement prose test to validate the change.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;See the specification and prose test here: &lt;a href=&quot;https://github.com/mongodb/specifications/commit/eec11c2e9b200a331df8d7a074dbc94714d2ddd7&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/commit/eec11c2e9b200a331df8d7a074dbc94714d2ddd7&lt;/a&gt;&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10951" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Driver Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10748"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_23952" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Driver Compliance</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<style type='text/css'>
         #scriptField, #scriptField *{
                border: 1px solid black;
            }

            #scriptField{
                border-collapse: collapse;
            }

            #scriptField td {
                text-align: center; /* Center-align text in table cells */
            }

            #scriptField td.key {
                text-align: left; /* Left-align text in the Key column */
            }

            #scriptField a {
                text-decoration: none; /* Remove underlines from links */
                border: none; /* Remove border from links */
            }
            
            /* Add green background color to cells with FixVersion */
            #scriptField td.hasFixVersion {
                background-color: #00FF00; /* Green color code */
            }

            /* Center-align the first row headers */
            #scriptField th {
                text-align: center;
            }
        </style>
<table id='scriptField'>
  <tr>
    <th>Key</th>
    <th>Status/Resolution</th>
    <th>FixVersion</th>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CDRIVER-4528'>CDRIVER-4528</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>1.24.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CXX-2615'>CXX-2615</a>
    </td>
    <td>Backlog</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CSHARP-4433'>CSHARP-4433</a>
    </td>
    <td>Works as Designed</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/GODRIVER-2664'>GODRIVER-2664</a>
    </td>
    <td>Backlog</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/JAVA-4818'>JAVA-4818</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/NODE-4840'>NODE-4840</a>
    </td>
    <td>Blocked</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/MOTOR-1069'>MOTOR-1069</a>
    </td>
    <td>Duplicate</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PYTHON-3533'>PYTHON-3533</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>4.4</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PHPC-2188'>PHPC-2188</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>1.16.0</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUBY-3187'>RUBY-3187</a>
    </td>
    <td>Fixed</td>
    <td class='hasFixVersion'>2.19.0, 2.18.2</td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUST-1549'>RUST-1549</a>
    </td>
    <td>Blocked</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/SWIFT-1681'>SWIFT-1681</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
</table>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i1296g:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>