Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2823

Ensure openssl legacy unsafe renegotiation can be configured via the MongoClient

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Component/s: Security, URI Options
    • Labels:
      None
    • Needed
    • Hide

      Summary of necessary driver changes

      •  

      Commits for syncing spec/prose tests
      (and/or refer to an existing language POC if needed)

      •  

      Context for other referenced/linked tickets

      •  
      Show
      Summary of necessary driver changes   Commits for syncing spec/prose tests (and/or refer to an existing language POC if needed)   Context for other referenced/linked tickets  

      Drivers that use TLS libraries or runtime TLS APIs based on openssl 3 may throw errors such as MongoServerSelectionError: C8320000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:c:\ws\deps\openssl\openssl\ssl\statem\extensions.c:922: in certain environments (such as when run behind corporate firewalls).

      To ensure developers can work around this, the SSL_OP_LEGACY_SERVER_CONNECT SSL option flag should be configurable via the MongoClient.

            Assignee:
            shane.harvey@mongodb.com Shane Harvey
            Reporter:
            alex.bevilacqua@mongodb.com Alex Bevilacqua
            James Kovacs James Kovacs
            Alex Bevilacqua Alex Bevilacqua
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: