Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-5136

Cannot connect to a server which requires TLS1.2 or above

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Major - P3 Major - P3
    • No version
    • 1.28.4
    • Connectivity
    • None
    • Server: MongoDB Community 5.0.3, Ubuntu 20.04
      Client: MongoDBCompass 1.28.4, Windows 10
    • Not Needed

    Description

      Problem Statement/Rationale

      I configured my server to require TLS connection with version no less than TLSv1.2, by mongod command args `--tlsMode requireTLS --sslDisabledProtocols TLS1_0,TLS1_1`. I can connect to my server with Mongosh, but cannot connect to it with MongoDBCompass.

      Steps to Reproduce

      1. you can run a server with something similar as `mongod --tlsCertificateKeyFile cert.pem --tlsMode requireTLS --sslDisabledProtocols TLS1_0,TLS1_1 --auth --bind_ip_all`, in which cert.pem should be a valid certificate issued by CA and match your domain name. 
      2. you can use MongoDBCompass to connect the server with the domain name, and set "More Options-SSL" to "System CA / Atlas Deployment",  

      Expected Results

      MongoDBCompass should be able to connected to the server

      Actual Results

      MongoDBCompass cannot connected to the server

      Additional Notes

      With WireShark, I found that the "Client Hello" sent by MongoDBCompass in the TLS handshake procedure use TLSv1.0, so the connection cannot be established. I hope compass can upgrade the TLS version used to fix the problem. see the Wireshark capture screenshots below for details. 

      The overall packets

       The Client Hello Packet

      The Server Hello packet

      Thank you!

      Attachments

        1. image-2021-10-04-12-34-17-423.png
          image-2021-10-04-12-34-17-423.png
          25 kB
        2. image-2021-10-04-12-40-11-864.png
          image-2021-10-04-12-40-11-864.png
          121 kB
        3. image-2021-10-04-12-43-48-074.png
          image-2021-10-04-12-43-48-074.png
          954 kB
        4. image-2021-10-04-12-45-10-224.png
          image-2021-10-04-12-45-10-224.png
          150 kB

        Activity

          People

            Unassigned Unassigned
            709192822@qq.com Starrah Starrah
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: