  1. Core Server
  2. SERVER-31701

Shell cannot connect with --ssl to a mongod with TLS1_0 disabled


    Details

    • Type: Bug
    • Status: Open
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: 3.4.9
    • Component/s: Shell
    • Labels:
      None
    • Operating System:
      ALL
    • Steps To Reproduce:
      1. Start mongod with TLS1_0 disabled

        mongod --sslMode requireSSL --sslDisabledProtocols TLS1_0 --sslPEMKeyFile server.pem --dbpath /data --logpath /data/mongod.log --port 27017 --fork  --bind_ip localhost --wiredTigerCacheSizeGB 0.1
        

      2. Try to connect

        mongo --verbose --ssl --sslCAFile root-ca.pem --sslAllowInvalidHostnames
        MongoDB shell version v3.4.9
        connecting to: mongodb://127.0.0.1:27017
        2017-10-24T14:13:29.983-0400 D NETWORK  [thread1] creating new connection to:127.0.0.1:27017
        2017-10-24T14:13:29.984-0400 E QUERY    [thread1] Error: socket exception [CLOSED] for 127.0.0.1:27017 :
        connect@src/mongo/shell/mongo.js:237:13
        @(connect):1:6
        2017-10-24T14:13:29.984-0400 D -        [thread1] User Assertion: 12513:connect failed src/mongo/shell/shell_utils.cpp 256
        2017-10-24T14:13:29.984-0400 I QUERY    [thread1] MozJS GC prologue heap stats -  total: 3502210 limit: 0
        2017-10-24T14:13:29.986-0400 I QUERY    [thread1] MozJS GC epilogue heap stats -  total: 349114 limit: 0
        2017-10-24T14:13:29.986-0400 I QUERY    [thread1] MozJS GC prologue heap stats -  total: 240818 limit: 0
        2017-10-24T14:13:29.986-0400 I QUERY    [thread1] MozJS GC epilogue heap stats -  total: 49450 limit: 0
        2017-10-24T14:13:29.987-0400 D -        [main] User Assertion: 12513:connect failed src/mongo/scripting/mozjs/proxyscope.cpp 299
        exception: connect failed
        


      Description

      Shell cannot connect to mongod with TLS1_0 disabled

      The mongod log file

      tail mongod.log
      2017-10-24T14:13:27.180-0400 I CONTROL  [initandlisten]
      2017-10-24T14:13:27.180-0400 I CONTROL  [initandlisten] ** WARNING: No SSL certificate validation can be performed since no CA file has been provided
      2017-10-24T14:13:27.180-0400 I CONTROL  [initandlisten] **          Please specify an sslCAFile parameter.
      2017-10-24T14:13:27.180-0400 I CONTROL  [initandlisten]
      2017-10-24T14:13:27.182-0400 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/data/diagnostic.data'
      2017-10-24T14:13:27.182-0400 I NETWORK  [thread1] waiting for connections on port 27017 ssl
      2017-10-24T14:13:28.011-0400 I FTDC     [ftdc] Unclean full-time diagnostic data capture shutdown detected, found interim file, some metrics may have been lost. OK
      2017-10-24T14:13:29.984-0400 I NETWORK  [thread1] connection accepted from 127.0.0.1:53537 #1 (1 connection now open)
      2017-10-24T14:13:29.984-0400 E NETWORK  [conn1] SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
      2017-10-24T14:13:29.984-0400 I -        [conn1] end connection 127.0.0.1:53537 (1 connection now open)
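
The server log above pairs a `connection accepted` line with an `SSL: error` line on the same connection id. The following triage script is an added example, not part of the ticket or of MongoDB's code: it correlates the two lines to name the peer whose handshake was rejected and unpacks the OpenSSL error code. The function names are hypothetical, the sample lines are copied from the ticket, and the code layout assumed is the OpenSSL 1.0.x packing (8-bit library, 12-bit function, 12-bit reason).

```python
import re

# Constructed sample: server log lines copied from the ticket above.
SAMPLE_LOG = """\
2017-10-24T14:13:27.182-0400 I NETWORK  [thread1] waiting for connections on port 27017 ssl
2017-10-24T14:13:29.984-0400 I NETWORK  [thread1] connection accepted from 127.0.0.1:53537 #1 (1 connection now open)
2017-10-24T14:13:29.984-0400 E NETWORK  [conn1] SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2017-10-24T14:13:29.984-0400 I -        [conn1] end connection 127.0.0.1:53537 (1 connection now open)
"""

ACCEPT_RE = re.compile(r"connection accepted from (\S+) #(\d+)")
SSL_ERR_RE = re.compile(
    r"\[conn(\d+)\] SSL: error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")


def unpack_openssl_error(code_hex):
    """Split a packed OpenSSL 1.0.x error code into (library, function, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def find_handshake_failures(log_text):
    """Return one record per connection whose TLS handshake the server rejected."""
    peers = {}      # connection id -> remote address from the accept line
    failures = []
    for line in log_text.splitlines():
        accepted = ACCEPT_RE.search(line)
        if accepted:
            peers[accepted.group(2)] = accepted.group(1)
            continue
        err = SSL_ERR_RE.search(line)
        if err:
            conn_id, code_hex, _lib, func, reason = err.groups()
            failures.append({
                "timestamp": line.split()[0],
                "conn": int(conn_id),
                "peer": peers.get(conn_id, "unknown"),
                "function": func,
                "reason": reason.strip(),
                "code": unpack_openssl_error(code_hex),
            })
    return failures


if __name__ == "__main__":
    for f in find_handshake_failures(SAMPLE_LOG):
        print("{timestamp} conn{conn} peer={peer} {function}: {reason} {code}".format(**f))
```

Run against a full mongod log, the same function lists every client address that fails the handshake after `--sslDisabledProtocols` is changed.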
      
