Details

    • Type: New Feature New Feature
    • Status: In Progress In Progress
    • Priority: Major - P3 Major - P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Planning Bucket A
    • Component/s: Networking, Security
    • Labels:
      None
    • # Replies:
      42
    • Last comment by Customer:
      true
    • Driver Changes:
      Not Needed

      Description

      Currently, the Mongo Wire protocol sends the data essentially in clear-text. This has two implications for my user scenario. First is that there's a lot of network traffic generated for queries. When reports are run and many fields of data are retrieved, I get the same field name over and over. Some compression here would speed up the delivery of the data. The query itself is lightning fast, but the transaction is slowed down by the movement of the massive amount of data.

      Second, the clear-text has security implications. Running SSL or some similar secure wire protocol could solve potentially both these issues.

      Thanks!

      Edit: Need to support auto-negotiation, and optional (both ssl/non-ssl connections), preferred and forced modes.
      https://jira.mongodb.org/browse/SERVER-524?focusedCommentId=101574#comment-101574

        Issue Links

          Activity

          Hide
          Eric Milkie
          added a comment -

          Unfortunately, it's unlikely to be backported, as this is not a bug fix but a new feature, and the work to complete this will not be easily backportable.
          In the meantime, SSL is available in 2.6 for those using the Enterprise version, certain vendor packages, or locally built versions.

          Show
          Eric Milkie
          added a comment - Unfortunately, it's unlikely to be backported, as this is not a bug fix but a new feature, and the work to complete this will not be easily backportable. In the meantime, SSL is available in 2.6 for those using the Enterprise version, certain vendor packages, or locally built versions.
          Hide
          Tyler Brock (Inactive)
          added a comment -

          Anyone on a Mac:

          brew install mongodb --with-openssl
          
          Show
          Tyler Brock (Inactive)
          added a comment - Anyone on a Mac: brew install mongodb --with-openssl
          Hide
          Thijs Cadier
          added a comment -

          This doesn't seem to be in the 2.7 development release yet, will it be part of the 2.7 series?

          Show
          Thijs Cadier
          added a comment - This doesn't seem to be in the 2.7 development release yet, will it be part of the 2.7 series?
          Hide
          Andy Schwerin
          added a comment -

          Thijs Cadier, the remaining work on this ticket is really about binary distribution. The 2.6 series source code in github supports SSL, but the openssl library version varies a lot by specific OS vendor and disto version. That means that you need a version of the MongoDB binaries for nearly every supported distro, unlike the current community binaries which run pretty much anywhere. When we've worked out a distribution solution, we'll be ready to resolve this ticket. Until then, on Linux you can try using your distribution's provided version of MongoDB, and on OS X you can try Brew as Tyler Brock described above. You may, of course, also compile the code yourself, passing the --ssl option to the build scripts.

          If you happen to have a MongoDB subscription, you may be entitled to use the MongoDB Enterprise release for your platform. Since these builds are already targeted at specific OS distributions, we build them with SSL support.

          Show
          Andy Schwerin
          added a comment - Thijs Cadier , the remaining work on this ticket is really about binary distribution. The 2.6 series source code in github supports SSL, but the openssl library version varies a lot by specific OS vendor and disto version. That means that you need a version of the MongoDB binaries for nearly every supported distro, unlike the current community binaries which run pretty much anywhere. When we've worked out a distribution solution, we'll be ready to resolve this ticket. Until then, on Linux you can try using your distribution's provided version of MongoDB, and on OS X you can try Brew as Tyler Brock described above. You may, of course, also compile the code yourself, passing the --ssl option to the build scripts. If you happen to have a MongoDB subscription, you may be entitled to use the MongoDB Enterprise release for your platform. Since these builds are already targeted at specific OS distributions, we build them with SSL support.
          Hide
          Thijs Cadier
          added a comment -

          Thanks Andy, that makes a lot sense. I guess we'll stick to our own compiled versions for the foreseeable future.

          Show
          Thijs Cadier
          added a comment - Thanks Andy, that makes a lot sense. I guess we'll stick to our own compiled versions for the foreseeable future.

            People

            • Votes:
              139 Vote for this issue
              Watchers:
              106 Start watching this issue

              Dates

              • Created:
                Updated:
                Days since reply:
                39 weeks, 5 days ago
                Date of 1st Reply: