Details
Bug
Resolution: Gone away
Major - P3
None
1.7.0
None
None
x86_64
Description
1. When I use GoDriver (1.7.0) to connect to a MongoDB 4.0 cluster in SSL mode, the following error occurs:
Failed: can't create session: could not connect to server: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: 127.0.0.1:27017, Type: Unknown, Last error: connection() error occured during connection handshake: EOF }, ] }
2. mongodump is known to use the GoDriver, so I also tried the latest mongodump (version 100.4.1) to connect to the MongoDB 4.0 cluster in SSL mode. It fails with the same error.
The command is:
./mongodump.100.4.1 --host 127.0.0.1 --port=27017 --ssl --sslCAFile /compile/mongodb/ca.crt --sslAllowInvalidHostnames -u myuser -p Test_1234 --authenticationDatabase=admin -d mydb -c mycol --gzip --archive=/tmp/mydb.mycol.tar.gz
WARNING: --sslAllowInvalidCertificates and --sslAllowInvalidHostnames are deprecated, please use --tlsInsecure instead
Failed: can't create session: could not connect to server: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: 127.0.0.1:27017, Type: Unknown, Last error: connection() error occured during connection handshake: EOF }, ] }
3. For points 1 and 2, the configuration on the mongos node of the MongoDB cluster is:
net:
  ssl:
    mode: requireSSL
    disabledProtocols: TLS1_0,TLS1_1
    sslCipherConfig: DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256
setParameter:
  opensslDiffieHellmanParameters: /CA/dh.pem
=> But when I add AES256-GCM-SHA384:AES128-GCM-SHA256 to sslCipherConfig and restart the node, all the connections (points 1 and 2) become okay.
4. Questions:
4-1 => Does GoDriver (1.7.0) / mongodump (version 100.4.1) not support DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256 when connecting to a MongoDB 4.0 cluster in SSL mode? Can you help to confirm this?
4-2 => I don't want to use AES256-GCM-SHA384:AES128-GCM-SHA256 because of weak security. How can I connect to a MongoDB 4.0 cluster with DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256 in SSL mode?
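A way to check a server cipher string against what Go's standard `crypto/tls` package implements (added example, not part of the original report and not GoDriver or mongodump code). The helper names `ianaName`, `goSupports` and `usable` are hypothetical, only the AES-GCM name family from the report is translated, and the ECDHE string in `main` is an assumed alternative that the server's OpenSSL build would also have to support.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// ianaName converts an OpenSSL TLS 1.2 AES-GCM suite name such as
// "DHE-RSA-AES256-GCM-SHA384" to its IANA name; other names return "".
func ianaName(openssl string) string {
	i := strings.Index(openssl, "AES")
	if i < 0 || !strings.Contains(openssl, "-GCM-SHA") {
		return ""
	}
	kx := strings.ReplaceAll(strings.TrimSuffix(openssl[:i], "-"), "-", "_")
	if kx == "" {
		kx = "RSA" // OpenSSL omits the prefix for plain RSA key exchange
	}
	return "TLS_" + kx + "_WITH_AES_" + strings.ReplaceAll(openssl[i+3:], "-", "_")
}

// goSupports reports whether crypto/tls implements the suite at all and
// whether the running Go version lists it as insecure.
func goSupports(openssl string) (supported, insecure bool) {
	want := ianaName(openssl)
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		if s.Name == want {
			return true, s.Insecure
		}
	}
	return false, false
}

// usable returns the entries of a colon-separated OpenSSL cipher string
// that a Go TLS client implements and could therefore negotiate.
func usable(cipherConfig string) (out []string) {
	for _, name := range strings.Split(cipherConfig, ":") {
		if ok, _ := goSupports(name); ok {
			out = append(out, name)
		}
	}
	return out
}

func main() {
	fmt.Println(usable("DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256")) // report's config
	fmt.Println(usable("AES256-GCM-SHA384:AES128-GCM-SHA256"))                 // ciphers that were added
	fmt.Println(usable("ECDHE-RSA-AES256-GCM-SHA384"))                         // assumed alternative
}
```

An empty result for a server's cipher string means a Go client and that server share no TLS 1.2 suite, so the handshake cannot complete whatever client options are set.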