Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-10261

Disable SSL session caching on server to avoid Java driver SSL connection problems

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.4.5
    • Fix Version/s: 2.4.7, 2.5.3
    • Component/s: Networking
    • Labels:
      None
    • Environment:
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL

      Description

      Issue Status as of December 12th, 2013

      ISSUE SUMMARY
      SSL connection caching causing intermittent exceptions for Java clients.

      USER IMPACT
      Java clients making a high number of consecutive SSL connections to the server sometimes experience connections being shut down due to the session state not having been reset properly.

      It is present in versions of MongoDB prior to and including v2.4.6.

      SOLUTION
      Disable SSL session caching on the server. This also improves the security of the connection since no keys are reused.

      WORKAROUNDS
      Add a small (ms) timeout between tearing down a connection and opening a new one, to make sure that the old session does not affect the new one.

      PATCHES
      Production release v2.4.7 contains the fix for this issue, and production release v2.6.0 will contain the fix as well.

      Original Description

      It's possible to generate SSL handshake errors with a trivial Java program: https://gist.github.com/anonymous/a2c4a8ac8f9e38e22edf. This program loops indefinitely, opening a new SSL socket on each iteration and sending a single write (which initiates the handshake).

      It eventually generates this exception: http://cl.ly/image/0A2a0j0L0S1i. Note that the alert descriptions are not consistent, suggesting some sort of corruption.

      The number of iterations before an error is not consistent, and it doesn't occur if SSL debugging is enabled in the client.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              andreas.nilsson Andreas Nilsson
              Reporter:
              jeff.yemin Jeffrey Yemin
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: