CSHARP-1744: changing ssl protocol defaults to only support tls.

craiggwilson · craiggwilson · commit e126d1870565 · 2016-08-10T18:47:03.000-05:00
diff --git a/src/MongoDB.Driver.Core/Core/Configuration/SslStreamSettings.cs b/src/MongoDB.Driver.Core/Core/Configuration/SslStreamSettings.cs
@@ -53,13 +53,7 @@ public SslStreamSettings(
             _checkCertificateRevocation = checkCertificateRevocation.WithDefault(true);
             _clientCertificates = Ensure.IsNotNull(clientCertificates.WithDefault(Enumerable.Empty<X509Certificate>()), "clientCertificates").ToList();
             _clientCertificateSelectionCallback = clientCertificateSelectionCallback.WithDefault(null);
-#if NETSTANDARD1_6
-#pragma warning disable 618
-            _enabledSslProtocols = enabledProtocols.WithDefault(SslProtocols.Tls | SslProtocols.Ssl3);
-#pragma warning restore
-#else
-            _enabledSslProtocols = enabledProtocols.WithDefault(SslProtocols.Default);
-#endif
+            _enabledSslProtocols = enabledProtocols.WithDefault(SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls);
             _serverCertificateValidationCallback = serverCertificateValidationCallback.WithDefault(null);
         }
 
diff --git a/src/MongoDB.Driver/SslSettings.cs b/src/MongoDB.Driver/SslSettings.cs
@@ -37,13 +37,7 @@ public class SslSettings : IEquatable<SslSettings>
         private bool _checkCertificateRevocation = true;
         private X509CertificateCollection _clientCertificateCollection;
         private LocalCertificateSelectionCallback _clientCertificateSelectionCallback;
-#if NETSTANDARD1_6
-#pragma warning disable 618
-        private SslProtocols _enabledSslProtocols = SslProtocols.Tls | SslProtocols.Ssl3;
-#pragma warning restore
-#else
-        private SslProtocols _enabledSslProtocols = SslProtocols.Default;
-#endif
+        private SslProtocols _enabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls;
         private RemoteCertificateValidationCallback _serverCertificateValidationCallback;
 
         // the following fields are set when the SslSettings are frozen
@@ -253,7 +247,7 @@ public override string ToString()
             {
                 parts.Add(string.Format("ServerCertificateValidationCallback={0}", _serverCertificateValidationCallback.GetMethodInfo().Name));
             }
-            
+
             return string.Format("{{{0}}}", string.Join(",", parts.ToArray()));
         }
 
diff --git a/tests/MongoDB.Driver.Core.Tests/Core/Configuration/SslStreamSettingsTests.cs b/tests/MongoDB.Driver.Core.Tests/Core/Configuration/SslStreamSettingsTests.cs
@@ -34,13 +34,7 @@ public void constructor_should_initialize_instance()
             subject.CheckCertificateRevocation.Should().BeTrue();
             subject.ClientCertificates.Should().BeEmpty();
             subject.ClientCertificateSelectionCallback.Should().BeNull();
-#if NETSTANDARD1_6
-#pragma warning disable 618
-            subject.EnabledSslProtocols.Should().Be(SslProtocols.Tls | SslProtocols.Ssl3);
-#pragma warning restore
-#else
-            subject.EnabledSslProtocols.Should().Be(SslProtocols.Default);
-#endif
+            subject.EnabledSslProtocols.Should().Be(SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls);
             subject.ServerCertificateValidationCallback.Should().BeNull();
         }
 
diff --git a/tests/MongoDB.Driver.Tests/SslSettingsTests.cs b/tests/MongoDB.Driver.Tests/SslSettingsTests.cs
@@ -118,13 +118,7 @@ public void TestDefaults()
             Assert.Equal(true, settings.CheckCertificateRevocation);
             Assert.Equal(null, settings.ClientCertificates);
             Assert.Equal(null, settings.ClientCertificateSelectionCallback);
-#if NETSTANDARD1_6
-#pragma warning disable 618
-            Assert.Equal(SslProtocols.Tls | SslProtocols.Ssl3, settings.EnabledSslProtocols);
-#pragma warning restore
-#else
-            Assert.Equal(SslProtocols.Default, settings.EnabledSslProtocols);
-#endif
+            Assert.Equal(SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls, settings.EnabledSslProtocols);
             Assert.Equal(null, settings.ServerCertificateValidationCallback);
         }
 
@@ -161,13 +155,7 @@ public void TestEquals()
         public void TestEnabledSslProtocols()
         {
             var settings = new SslSettings();
-#if NETSTANDARD1_6
-#pragma warning disable 618
-            Assert.Equal(SslProtocols.Tls | SslProtocols.Ssl3, settings.EnabledSslProtocols);
-#pragma warning restore
-#else
-            Assert.Equal(SslProtocols.Default, settings.EnabledSslProtocols);
-#endif
+            Assert.Equal(SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls, settings.EnabledSslProtocols);
 
             var enabledSslProtocols = SslProtocols.Tls;
             settings.EnabledSslProtocols = enabledSslProtocols;
