CSHARP-5263: Remove TLS1.0 and 1.1 (#1459)

Author: BorisDog

src/MongoDB.Driver/Core/Configuration/SslStreamSettings.cs

@@ -56,7 +56,7 @@ public SslStreamSettings(
             _checkCertificateRevocation = checkCertificateRevocation.WithDefault(false);
             _clientCertificates = Ensure.IsNotNull(clientCertificates.WithDefault(Enumerable.Empty<X509Certificate>()), "clientCertificates").ToList();
             _clientCertificateSelectionCallback = clientCertificateSelectionCallback.WithDefault(null);
-            _enabledSslProtocols = enabledProtocols.WithDefault(SslProtocolsTls13 | SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls);
+            _enabledSslProtocols = enabledProtocols.WithDefault(SslProtocolsTls13 | SslProtocols.Tls12);
             _serverCertificateValidationCallback = serverCertificateValidationCallback.WithDefault(null);
         }
 

src/MongoDB.Driver/SslSettings.cs

@@ -38,7 +38,7 @@ public class SslSettings : IEquatable<SslSettings>
         private bool _checkCertificateRevocation = false;
         private X509CertificateCollection _clientCertificateCollection;
         private LocalCertificateSelectionCallback _clientCertificateSelectionCallback;
-        private SslProtocols _enabledSslProtocols = SslStreamSettings.SslProtocolsTls13 | SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls;
+        private SslProtocols _enabledSslProtocols = SslStreamSettings.SslProtocolsTls13 | SslProtocols.Tls12;
         private RemoteCertificateValidationCallback _serverCertificateValidationCallback;
 
         // the following fields are set when the SslSettings are frozen

tests/MongoDB.Driver.Tests/ClusterKeyTests.cs

@@ -228,7 +228,7 @@ private ClusterKey CreateSubject(string notEqualFieldName = null)
             var sslSettings = new SslSettings
             {
                 CheckCertificateRevocation = true,
-                EnabledSslProtocols = SslProtocols.Tls
+                EnabledSslProtocols = SslProtocols.Tls12
             };
             var useTls = false;
             var waitQueueSize = 20;
@@ -385,7 +385,7 @@ internal ClusterKey CreateSubjectWith(
             var sslSettings = new SslSettings
             {
                 CheckCertificateRevocation = true,
-                EnabledSslProtocols = SslProtocols.Tls
+                EnabledSslProtocols = SslProtocols.Tls12
             };
             var useTls = false;
             var waitQueueSize = 20;

tests/MongoDB.Driver.Tests/ClusterRegistryTests.cs

@@ -22,10 +22,10 @@
 using MongoDB.Bson;
 using MongoDB.Bson.TestHelpers;
 using MongoDB.Driver.Core.Clusters;
-using MongoDB.Driver.Core.Servers;
 using MongoDB.Driver.Core.Compression;
 using MongoDB.Driver.Core.Configuration;
 using MongoDB.Driver.Core.Misc;
+using MongoDB.Driver.Core.Servers;
 using MongoDB.Driver.Core.TestHelpers.Logging;
 using Xunit;
 using Xunit.Abstractions;
@@ -59,7 +59,7 @@ public void GetOrCreateCluster_should_return_a_cluster_with_the_correct_settings
             var sslSettings = new SslSettings
             {
                 CheckCertificateRevocation = true,
-                EnabledSslProtocols = SslProtocols.Tls
+                EnabledSslProtocols = SslProtocols.Tls12
             };
             var kmsProviders = new Dictionary<string, IReadOnlyDictionary<string, object>>()
             {

tests/MongoDB.Driver.Tests/Core/Configuration/SslStreamSettingsTests.cs

@@ -34,7 +34,7 @@ public void constructor_should_initialize_instance()
             subject.CheckCertificateRevocation.Should().BeFalse();
             subject.ClientCertificates.Should().BeEmpty();
             subject.ClientCertificateSelectionCallback.Should().BeNull();
-            subject.EnabledSslProtocols.Should().Be(SslStreamSettings.SslProtocolsTls13 | SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls);
+            subject.EnabledSslProtocols.Should().Be(SslStreamSettings.SslProtocolsTls13 | SslProtocols.Tls12);
             subject.ServerCertificateValidationCallback.Should().BeNull();
         }
 
@@ -170,8 +170,8 @@ public void With_clientCertificateSelectionCallback_should_return_expected_resul
         [Fact]
         public void With_enabledProtocols_should_return_expected_result()
         {
-            var oldEnabledProtocols = SslProtocols.Tls;
-            var newEnabledProtocols = SslProtocols.Tls12;
+            var oldEnabledProtocols = SslProtocols.Tls12;
+            var newEnabledProtocols = SslStreamSettings.SslProtocolsTls13;
             var subject = new SslStreamSettings(enabledProtocols: oldEnabledProtocols);
 
             var result = subject.With(enabledProtocols: newEnabledProtocols);

tests/MongoDB.Driver.Tests/MongoClientSettingsTests.cs

@@ -1400,7 +1400,7 @@ public void ToClusterKey_should_copy_relevant_values()
             var sslSettings = new SslSettings
             {
                 CheckCertificateRevocation = true,
-                EnabledSslProtocols = SslProtocols.Tls
+                EnabledSslProtocols = SslProtocols.Tls12
             };
 
             var subject = new MongoClientSettings

tests/MongoDB.Driver.Tests/SslSettingsTests.cs

@@ -13,14 +13,14 @@
 * limitations under the License.
 */
 
-using FluentAssertions;
 using System;
 using System.IO;
 using System.Linq;
 using System.Net.Security;
 using System.Reflection;
 using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
+using FluentAssertions;
 using MongoDB.Driver.Core.Configuration;
 using Xunit;
 
@@ -104,7 +104,7 @@ public void TestClone()
                 CheckCertificateRevocation = false,
                 ClientCertificates = new[] { new X509Certificate2(certificateFileName, "password") },
                 ClientCertificateSelectionCallback = ClientCertificateSelectionCallback,
-                EnabledSslProtocols = SslProtocols.Tls,
+                EnabledSslProtocols = SslProtocols.Tls12,
                 ServerCertificateValidationCallback = ServerCertificateValidationCallback
             };
 
@@ -119,7 +119,7 @@ public void TestDefaults()
             settings.CheckCertificateRevocation.Should().BeFalse();
             Assert.Equal(null, settings.ClientCertificates);
             Assert.Equal(null, settings.ClientCertificateSelectionCallback);
-            Assert.Equal(SslStreamSettings.SslProtocolsTls13 | SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls, settings.EnabledSslProtocols);
+            Assert.Equal(SslStreamSettings.SslProtocolsTls13 | SslProtocols.Tls12, settings.EnabledSslProtocols);
             Assert.Equal(null, settings.ServerCertificateValidationCallback);
         }
 
@@ -157,9 +157,9 @@ public void TestEquals()
         public void TestEnabledSslProtocols()
         {
             var settings = new SslSettings();
-            Assert.Equal(SslStreamSettings.SslProtocolsTls13 | SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls, settings.EnabledSslProtocols);
+            Assert.Equal(SslStreamSettings.SslProtocolsTls13 | SslProtocols.Tls12, settings.EnabledSslProtocols);
 
-            var enabledSslProtocols = SslProtocols.Tls;
+            var enabledSslProtocols = SslProtocols.Tls12;
             settings.EnabledSslProtocols = enabledSslProtocols;
             Assert.Equal(enabledSslProtocols, settings.EnabledSslProtocols);