[GODRIVER-1779] SSL is disabled however client still sends SSL handshake Created: 03/Nov/20  Updated: 27/Oct/23  Resolved: 26/Nov/20

Status: Closed
Project: Go Driver
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Archit Pandey Assignee: Kevin Albertson
Resolution: Gone away Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Mongo Go Driver v1.4.2, running inside go-alpine docker image



 Description   

We're running a Go app (Go driver v1.4.2) along with a 3-node replica set (using the MongoDB Helm chart) on our Kubernetes cluster.

Our app is unable to connect to the replica set without passing "connect=direct" in the URI. We're seeing the following error in the app:

2020/11/03 05:15:40 Failed to read from db due to : server selection error: server selection timeout, current topology: { Type: ReplicaSetNoPrimary, Servers: [

Unknown macro: { Addr}

, { Addr: payroll-mongodb-primary-0.payroll-mongodb-headless.mongodb.svc.cluster.local:27017, Type: Unknown, State: Connected, Average RTT: 0, Last error: connection() : connection(payroll-mongodb-primary-0.payroll-mongodb-headless.mongodb.svc.cluster.local:27017[-127]) incomplete read of message header: read tcp 192.168.191.75:35974->192.168.162.50:27017: read: connection reset by peer }, ] }

 

When browsing through the logs on our replica set primary, we came across this error:

2020-11-03T05:15:26.934+0000 I NETWORK  [conn72847] end connection 192.168.191.75:35340 (18 connections now open)
2020-11-03T05:15:27.433+0000 I NETWORK  [listener] connection accepted from 192.168.191.75:35360 #72848 (19 connections now open)
2020-11-03T05:15:27.434+0000 I NETWORK  [conn72848] Error receiving request from client: SSLHandshakeFailed: SSL handshake received but server is started without SSL support. Ending connection from 192.168.191.75:35360 (connection id: 72848)

So it looks like the client is sending SSL handshakes to the server. We've tried passing `ssl=false` in the URI; however, that did not change the behaviour.
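One way to confirm what a client really sends as its first bytes on the mongod port (for example from a packet capture or a logging TCP proxy) is to classify them as a TLS ClientHello or a plaintext MongoDB wire message. This is an added example, not code from the ticket or from the Go driver; the function names are hypothetical and both sample byte strings are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// classify labels the first bytes a client sent to a mongod port.
// TLS record: type 0x16 (handshake), version major 0x03, 2-byte length,
// then handshake type 0x01 (ClientHello).
// MongoDB wire header: four little-endian int32s
// (messageLength, requestID, responseTo, opCode).
func classify(b []byte) string {
	if len(b) >= 6 && b[0] == 0x16 && b[1] == 0x03 && b[5] == 0x01 {
		return "tls-client-hello"
	}
	if len(b) < 16 {
		return "too-short"
	}
	msgLen := binary.LittleEndian.Uint32(b[0:4])
	switch binary.LittleEndian.Uint32(b[12:16]) {
	case 2004, 2012, 2013: // OP_QUERY, OP_COMPRESSED, OP_MSG
		if msgLen >= 16 {
			return "mongodb-wire"
		}
	}
	return "unknown"
}

// sampleTLS returns a constructed ClientHello record prefix (not captured traffic).
func sampleTLS() []byte {
	return []byte{0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xfc, 0x03, 0x03, 0, 0, 0, 0, 0}
}

// sampleMongo returns a constructed OP_MSG header (not captured traffic).
func sampleMongo() []byte {
	h := make([]byte, 16)
	binary.LittleEndian.PutUint32(h[0:4], 58)     // messageLength
	binary.LittleEndian.PutUint32(h[4:8], 1)      // requestID
	binary.LittleEndian.PutUint32(h[12:16], 2013) // opCode OP_MSG
	return h
}

func main() {
	fmt.Println(classify(sampleTLS()))   // what a TLS-enabled client would send
	fmt.Println(classify(sampleMongo())) // what a plaintext client would send
}
```

A "tls-client-hello" result for traffic from the application pod means TLS is being enabled somewhere between the URI and the socket, such as client options set in code or a sidecar proxy.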



 Comments   
Comment by Backlog - Core Eng Program Management Team [ 26/Nov/20 ]

There hasn't been any recent activity on this ticket, so we're resolving it. Thanks for reaching out! Please feel free to comment on this if you're able to provide more information.

Comment by Kevin Albertson [ 11/Nov/20 ]

Hello pandey.archit7@gmail.com, thank you for the report!

I attempted to reproduce your issue by starting a replica set with a two node 4.4 replica set, configuring both nodes with TLS disabled, starting each mongod with a config file resembling:

net:
  tls:
    mode: "disabled"
  port: 27017
replication:
  replSetName: rs0
setParameter:
  logComponentVerbosity: '{"command": {"verbosity": 3 },"network": {"verbosity": 5}}'
storage:
  dbPath: "./primary"

I was able to connect and run commands against both the primary and secondary with the following connection string and did not observe any logged connection errors:

"mongodb://localhost:27017,localhost:27018"

Note, ssl=false (or equivalently tls=false) is the default behavior. ssl=true or tls=true is required in the URL.

How are you connecting to the replica set? If you are using a connection string like "mongodb+srv", I wonder if TLS is getting enabled via TXT record lookup. Additionally, what version of the server are you running?

Generated at Thu Feb 08 08:37:07 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.