Uploaded image for project: 'Mongoid'
  1. Mongoid
  2. MONGOID-4364

"SSL handshake failed" error for cluster accessible via Mongo shell.

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 12_01_17
    • Affects Version/s: 6.0.2
    • Component/s: None
    • Labels:
      None
    • Environment:
      Ubuntu 16.04 in a Docker 1.13 container; MongoDB 3.4.0-rc1 client and 3.2.10 server.

      When trying to access a MongoDB cluster running on Compose.io's infrastructure with Mongoid, it throws the following error:

      D, [2016-10-29T13:51:20.328988 #2891] DEBUG -- : MONGODB | Adding xxx.dblayer.com:15604 to the cluster.
      D, [2016-10-29T13:51:20.344174 #2891] DEBUG -- : MONGODB | SSL handshake failed. MongoDB may not be configured with SSL support.
      D, [2016-10-29T13:51:20.344528 #2891] DEBUG -- : MONGODB | Adding xxx.dblayer.com:15604 to the cluster.
      D, [2016-10-29T13:51:20.358100 #2891] DEBUG -- : MONGODB | SSL handshake failed. MongoDB may not be configured with SSL support.
      

      However, I'm able to log in via the Mongo shell:

      $ mongo --ssl --sslCAFile config/secrets/compose.crt xxx.dblayer.com/db_name -u user -p xxx
      MongoDB shell version v3.4.0-rc1
      connecting to: mongodb://xxx.dblayer.com/db_name
      MongoDB server version: 3.2.10
      WARNING: shell and server versions do not match
      Welcome to the MongoDB shell.
      For interactive help, type "help".
      For more comprehensive documentation, see
      	http://docs.mongodb.org/
      Questions? Try the support group
      	http://groups.google.com/group/mongodb-user
      mongos>
      

      I've verified that OpenSSL 1.0.2g is installed in the container, and that the connection works from my local machine (running macOS Sierra). This is my mongoid.yml file, with sensitive information redacted:

      mongoid.yml
      development:
        clients:
          default:
            uri: mongodb://user:<%= ENV['COMPOSE_MONGODB_PASSWORD'] %>@xxx.dblayer.com:15604,yyy.dblayer.com:15604/db_name_development?ssl=true
            options:
              ssl: true
              ssl_verify: true
              ssl_ca_cert: <%= Rails.root.join('config/secrets/compose.crt') %>
        options:
          raise_not_found_error: false
          scope_overwrite_exception: true
          use_utc: true
      test:
        clients:
          default:
            uri: mongodb://user:<%= ENV['COMPOSE_MONGODB_PASSWORD'] %>@xxx.dblayer.com:15604,yyy.dblayer.com:15604/db_name_test?ssl=true
            ssl: true
            ssl_verify: true
            ssl_ca_cert: <%= Rails.root.join('config/secrets/compose.crt') %>
            options:
              read:
                mode: :primary
              max_pool_size: 1
        options:
          raise_not_found_error: false
          scope_overwrite_exception: true
          use_utc: true
      
      staging:
        clients:
          default:
            uri: mongodb://user:<%= ENV['COMPOSE_MONGODB_PASSWORD'] %>@xxx.dblayer.com:15604,yyy.dblayer.com:15604/db_name_staging?ssl=true
            ssl: true
            ssl_verify: true
            ssl_ca_cert: <%= Rails.root.join('config/secrets/compose.crt') %>
            read:
              mode: :secondary_preferred
            options:
              max_pool_size: 75
              min_pool_size: 10
        options:
          raise_not_found_error: false
          scope_overwrite_exception: true
          use_utc: true
      
      production:
        clients:
          default:
            uri: mongodb://user:<%= ENV['COMPOSE_MONGODB_PASSWORD'] %>@xxx.dblayer.com:15604,yyy.dblayer.com:15604/db_name_production?ssl=true
            ssl: true
            ssl_verify: true
            ssl_ca_cert: <%= Rails.root.join('config/secrets/compose.crt') %>
            read:
              mode: :secondary_preferred
            options:
              max_pool_size: 75
              min_pool_size: 10
        options:
          raise_not_found_error: false
          scope_overwrite_exception: true
          use_utc: true
      

      At this point I'm not sure what else to try debugging. I'd appreciate any troubleshooting guidance you can provide! Thanks in advance for your help.

            Assignee:
            emily.stolfo Emily Stolfo
            Reporter:
            phyllisstein Daniel Shannon
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: