Core Server / SERVER-10261

Disable SSL session caching on server to avoid Java driver SSL connection problems

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • Fix Version/s: 2.4.7, 2.5.3
    • Affects Version/s: 2.4.5
    • Component/s: Networking
    • Labels:
      None
    • Environment:
    • Fully Compatible
    • ALL

      Issue Status as of December 12th, 2013

      ISSUE SUMMARY
      SSL session caching on the server causes intermittent exceptions for Java clients.

      USER IMPACT
      Java clients making a high number of consecutive SSL connections to the server sometimes experience connections being shut down due to the session state not having been reset properly.

      The issue is present in versions of MongoDB prior to and including v2.4.6.

      SOLUTION
      Disable SSL session caching on the server. This also improves the security of the connection since no keys are reused.

      WORKAROUNDS
      Add a small (millisecond-scale) delay between tearing down a connection and opening a new one, to make sure that the old session does not affect the new one.

      PATCHES
      Production release v2.4.7 contains the fix for this issue, and production release v2.6.0 will contain the fix as well.

      Original Description

      It's possible to generate SSL handshake errors with a trivial Java program: https://gist.github.com/anonymous/a2c4a8ac8f9e38e22edf. This program loops indefinitely, opening a new SSL socket on each iteration and sending a single write (which initiates the handshake).

      It eventually generates this exception: http://cl.ly/image/0A2a0j0L0S1i. Note that the alert descriptions are not consistent, suggesting some sort of corruption.

      The number of iterations before an error is not consistent, and it doesn't occur if SSL debugging is enabled in the client.
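
Added example (not from the ticket or the linked gist): a Java client that applies the workaround's pause between connections and counts how many handshakes the server resumed, which should be zero against a server with session caching disabled. Host, port, delay, iteration count and the TLS 1.2 restriction are assumptions, and the server certificate must be trusted by the JVM's default trust store.

```java
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.Arrays;

// Added example, not code from the ticket. All constants below are assumptions.
public class SessionReuseCheck {
    // Heuristic for session-ID resumption: the handshake counts as resumed only
    // when the server returned the same non-empty session ID as last time.
    // A server that cannot look up cached sessions returns an empty or a new ID.
    // Ticket-based resumption is not covered by this check.
    static boolean resumed(byte[] previousId, byte[] currentId) {
        return previousId != null && currentId.length > 0
                && Arrays.equals(previousId, currentId);
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost"; // assumed test server
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 27017;
        long delayMs = 5;      // workaround: short pause between close and reconnect
        int iterations = 1000; // assumed; the ticket gives no fixed count

        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        byte[] previousId = null;
        int resumedCount = 0;

        for (int i = 0; i < iterations; i++) {
            try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
                // Comparing session IDs is meaningful for TLS 1.2 and earlier.
                socket.setEnabledProtocols(new String[] {"TLSv1.2"});
                socket.startHandshake(); // throws SSLException if the handshake fails
                byte[] id = socket.getSession().getId();
                if (resumed(previousId, id)) {
                    resumedCount++;
                }
                previousId = id;
            }
            Thread.sleep(delayMs); // let the old connection finish tearing down
        }
        System.out.println("handshakes: " + iterations + ", resumed: " + resumedCount);
    }
}
```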

            Assignee: Andreas Nilsson
            Reporter: Jeffrey Yemin