Details

    • Type: New Feature New Feature
    • Status: In Progress In Progress
    • Priority: Major - P3 Major - P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Planning Bucket A
    • Component/s: Networking, Security
    • Labels:
      None
    • Backport:
      No
    • # Replies:
      39
    • Last comment by Customer:
      false
    • Driver changes needed?:
      No driver changes needed

      Description

      Currently, the Mongo Wire protocol sends the data essentially in clear-text. This has two implications for my user scenario. First is that there's a lot of network traffic generated for queries. When reports are run and many fields of data are retrieved, I get the same field name over and over. Some compression here would speed up the delivery of the data. The query itself is lightning fast, but the transaction is slowed down by the movement of the massive amount of data.

      Second, the clear-text has security implications. Running SSL or some similar secure wire protocol could solve potentially both these issues.

      Thanks!

      Edit: Need to support auto-negotiation, and optional (both ssl/non-ssl connections), preferred and forced modes.
      https://jira.mongodb.org/browse/SERVER-524?focusedCommentId=101574#comment-101574

        Issue Links

          Activity

          Hide
          Thijs Cadier
          added a comment -

          It would be great if using SSL on Mongo connections was trivial to set up. Any progress on this?

          Show
          Thijs Cadier
          added a comment - It would be great if using SSL on Mongo connections was trivial to set up. Any progress on this?
          Hide
          Andy Schwerin
          added a comment -

          James Page, we checked on licensing and updated the copyright files to allow linking with openssl. Further, as of 2.6, support for SSL is pretty complete, and it would be fine for distro packages to have SSL enabled. This ticket remains open until we resolve some internal technical issues around distributing binaries, rather than around licensing or functionality in the code itself.

          Show
          Andy Schwerin
          added a comment - James Page , we checked on licensing and updated the copyright files to allow linking with openssl. Further, as of 2.6, support for SSL is pretty complete, and it would be fine for distro packages to have SSL enabled. This ticket remains open until we resolve some internal technical issues around distributing binaries, rather than around licensing or functionality in the code itself.
          Hide
          Jon Gorrono
          added a comment -

          The fix version is still the 2.7.x branch. Does your comment (Andy) mean that this might make it into a 2.6.x minor release?

          Show
          Jon Gorrono
          added a comment - The fix version is still the 2.7.x branch. Does your comment (Andy) mean that this might make it into a 2.6.x minor release?
          Hide
          Eric Milkie
          added a comment -

          Unfortunately, it's unlikely to be backported, as this is not a bug fix but a new feature, and the work to complete this will not be easily backportable.
          In the meantime, SSL is available in 2.6 for those using the Enterprise version, certain vendor packages, or locally built versions.

          Show
          Eric Milkie
          added a comment - Unfortunately, it's unlikely to be backported, as this is not a bug fix but a new feature, and the work to complete this will not be easily backportable. In the meantime, SSL is available in 2.6 for those using the Enterprise version, certain vendor packages, or locally built versions.
          Hide
          Tyler Brock
          added a comment -

          Anyone on a Mac:

          brew install mongodb --with-openssl
          
          Show
          Tyler Brock
          added a comment - Anyone on a Mac: brew install mongodb --with-openssl

            People

            • Votes:
              137 Vote for this issue
              Watchers:
              103 Start watching this issue

              Dates

              • Created:
                Updated:
                Days since reply:
                5 weeks, 3 days ago
                Date of 1st Reply: