Uploaded image for project: 'Go Driver'
  1. Go Driver
  2. GODRIVER-2112

GoDriver(1.7.0)/mongodump(version:100.4.1) failed to connect to mongodb cluster 4.0 in ssl mode

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Gone away
    • Icon: Major - P3 Major - P3
    • None
    • 1.7.0
    • None
    • None
    • x86_64

    Description

      1, When I use GoDriver(1.7.0) to connect mongodb cluster 4.0 in ssl mode, the error occurs as below:

      **Failed: can't create session: could not connect to server: server selection error: server selection timeout, current topology: \{ Type: Single, Servers: [{ Addr: 127.0.0.1:27017, Type: Unknown, Last error: connection() error occured during connection handshake: EOF }, ] }
      

      2, As known that mongodump used the GoDriver. So, I also tried to use the lasted mongodump(version:100.4.1) to connect mongodb cluster 4.0 in ssl mode, it also has the same error:
      the command is:

      ./mongodump.100.4.1 --host 127.0.0.1 --port=27017 --ssl --sslCAFile /compile/mongodb/ca.crt --sslAllowInvalidHostnames -u myuser -p Test_1234 --authenticationDatabase=admin -d mydb -c mycol --gzip --archive=/tmp/mydb.mycol.tar.gz
      WARNING: --sslAllowInvalidCertificates and --sslAllowInvalidHostnames are deprecated, please use --tlsInsecure instead
      Failed: can't create session: could not connect to server: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: 127.0.0.1:27017, Type: Unknown, Last error: connection() error occured during connection handshake: EOF }, ] }
      

      3, About point 1 and point 2, the configuration in mongodb cluster mongos node is:
      net:
      ssl:
      mode: requireSSL
      disabledProtocols: TLS1_0,TLS1_1
      sslCipherConfig: DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256
      setParameter:
      opensslDiffieHellmanParameters: /CA/dh.pem

      => But, when I add AES256-GCM-SHA384:AES128-GCM-SHA256 in sslCipherConfig and restart node; all the connections(point 1 and point 2) become okay.

      4, Question:
      4-1 => Does the GoDriver(1.7.0)/mongodump(version:100.4.1) not support DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256 when connect to mongodb cluster 4.0 in ssl mode ? can you help to confirm this?
      4-2 => I don't want to use AES256-GCM-SHA384:AES128-GCM-SHA256 for weak security, How can I connect to mongodb cluster 4.0 with DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256 in ssl mode ?

      Attachments

        Activity

          People

            benji.rewis@mongodb.com Benji Rewis (Inactive)
            yeliang1006@163.com Ye Liang
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: