[CSHARP-3113] Getting "Authentication failed because the remote party has closed the transport stream" while connection mongodb V4.0 using C# driver. Created: 27/May/20 Updated: 27/Oct/23 Resolved: 22/Jun/20 |
|
| Status: | Closed |
| Project: | C# Driver |
| Component/s: | Configuration, Connectivity |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | naresh kandala | Assignee: | Vincent Kam (Inactive) |
| Resolution: | Gone away | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Production |
||
| Issue Links: |
|
||||||||||||
| Description |
|
We are trying to implement SSL authentication with the MongoDB 4.0 version using the below connection string and facing authentication issues. mongodb://username:password@hostname:27017/?authSource=admin&readPreference=primary&ssl=true&sslPEMKeyFile=C:/etc/ssl/client.pem" At MongoDB log, we see the application connections are closing immediately with error message : encountered a network error during SourceMessage: SocketException: no shared cipher application log: , SourceContext: "Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware", ConnectionId: "0HLTM5FID0INL", Application: "DCDService" } |
| Comments |
| Comment by Vincent Kam (Inactive) [ 03/Jun/20 ] | ||||
|
Thank you for reaching out! I'm sorry to hear that your application is experiencing connectivity issues. I see that your connection string uses the sslPemKeyFile option: unfortunately the .NET driver does not support this option yet, so the client certificate will need to set programmatically. One of the steps in setting the client certificate programmatically includes creating an X509Certificate2 object, and in order to do so, the client key MAY need to be converted to the PFX/PKCS12 format (see https://github.com/dotnet/runtime/issues/27346#issuecomment-419658415), although I am less certain about this: there may be a way to create an X509Certificate2 object directly from a PEM file. What I can definitely say is that for our own test suites, we use openssl to convert the client PEM file into a PFX/PKCS12 formatted file like so:
| ||||
| Comment by Kalpana Majeti [ 27/May/20 ] | ||||
|
The application is .netCore 3.1 and using Mongo C# driver - 2.10.3 Please ignore the above error log. Below is the error we see in the mongoDB log }. Client view of cluster state is { ClusterId : "1", ConnectionMode : "Automatic", Type : "Unknown", State : "Disconnected", Servers : [{ ServerId: " { ClusterId : 1, EndPoint : "Unspecified/lxmdbssisdev001.lowes.com:27017" }", EndPoint: "Unspecified/lxmdbssisdev001.lowes.com:27017", State: "Disconnected", Type: "Unknown", HeartbeatException: "MongoDB.Driver.MongoConnectionException: An exception occurred while opening a connection to the server. |