[COMPASS-5136] Cannot connect to a server which requires TLS1.2 or above Created: 04/Oct/21  Updated: 03/Oct/23  Resolved: 22/May/23

Status: Closed
Project: Compass
Component/s: Connectivity
Affects Version/s: 1.28.4
Fix Version/s: No version

Type: Bug Priority: Major - P3
Reporter: Starrah Starrah Assignee: Unassigned
Resolution: Cannot Reproduce Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Server: MongoDB Community 5.0.3, Ubuntu 20.04
Client: MongoDBCompass 1.28.4, Windows 10


Attachments: PNG File image-2021-10-04-12-34-17-423.png     PNG File image-2021-10-04-12-40-11-864.png     PNG File image-2021-10-04-12-43-48-074.png     PNG File image-2021-10-04-12-45-10-224.png    
Documentation Changes: Not Needed

 Description   

Problem Statement/Rationale

I configured my server to require TLS connections with a version no lower than TLSv1.2, using the mongod command args `--tlsMode requireTLS --sslDisabledProtocols TLS1_0,TLS1_1`. I can connect to my server with Mongosh, but cannot connect to it with MongoDBCompass.

Steps to Reproduce

  1. You can run a server with something similar to `mongod --tlsCertificateKeyFile cert.pem --tlsMode requireTLS --sslDisabledProtocols TLS1_0,TLS1_1 --auth --bind_ip_all`, in which cert.pem should be a valid certificate issued by a CA and match your domain name.
  2. You can use MongoDBCompass to connect to the server with the domain name, and set "More Options-SSL" to "System CA / Atlas Deployment".

Expected Results

MongoDBCompass should be able to connect to the server.

Actual Results

MongoDBCompass cannot connect to the server.

Additional Notes

With Wireshark, I found that the "Client Hello" sent by MongoDBCompass in the TLS handshake procedure uses TLSv1.0, so the connection cannot be established. I hope Compass can upgrade the TLS version used to fix the problem. See the Wireshark capture screenshots below for details.

The overall packets

 The Client Hello Packet

The Server Hello packet

Thank you!
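
A ClientHello carries a protocol version in three places: the record layer header, the handshake's legacy version field, and the `supported_versions` extension (type 43, RFC 8446), so all three are worth comparing when reading a capture like the one described above. The parser below is an added example, not part of the original ticket or of Compass; the function names and the sample bytes are constructed for illustration.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def client_hello_versions(record: bytes) -> dict:
    """Return the version fields carried by one unfragmented ClientHello record."""
    try:
        ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
        body = record[5:5 + rec_len]
        if ctype != 0x16 or body[0] != 0x01:
            raise ValueError("not a ClientHello handshake record")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        legacy = struct.unpack_from("!H", hello, 0)[0]
        pos = 2 + 32                                        # legacy_version + random
        pos += 1 + hello[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", hello, pos)[0]  # cipher_suites
        pos += 1 + hello[pos]                               # compression_methods
        offered = []
        if pos < len(hello):                                # extensions are optional
            end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
            pos += 2
            while pos + 4 <= end:
                etype, elen = struct.unpack_from("!HH", hello, pos)
                data = hello[pos + 4:pos + 4 + elen]
                if etype == 43 and data:                    # supported_versions
                    vals = [int.from_bytes(data[i:i + 2], "big")
                            for i in range(1, 1 + data[0], 2)]
                    offered = [v for v in vals if v in NAMES]  # drops GREASE values
                pos += 4 + elen
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    highest = max(offered) if offered else legacy
    return {"record_layer": NAMES.get(rec_ver, hex(rec_ver)),
            "legacy_version": NAMES.get(legacy, hex(legacy)),
            "supported_versions": [NAMES[v] for v in offered],
            "highest_offered": NAMES.get(highest, hex(highest))}

def sample_client_hello(legacy=0x0303, versions=(0x0304, 0x0303)) -> bytes:
    """Constructed sample bytes (not taken from the capture in this ticket)."""
    vers = b"".join(struct.pack("!H", v) for v in versions)
    exts = struct.pack("!HHB", 43, len(vers) + 1, len(vers)) + vers if versions else b""
    hello = (struct.pack("!H", legacy) + bytes(32) + b"\x00"  # version, random, empty session_id
             + struct.pack("!HH", 2, 0x1301) + b"\x01\x00"     # one cipher suite, null compression
             + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs     # record layer set to 0x0301

if __name__ == "__main__":
    print(client_hello_versions(sample_client_hello()))
```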



 Comments   
Comment by Anna Henningsen [ 04/Oct/21 ]

709192822@qq.com I cannot reproduce this. Can you help debug this by doing the following:

  • Sharing the exact error message you receive in Compass
  • Testing whether you can try to connect to this server using mongosh or the legacy mongo shell
  • Sharing the server version that this is using?