[GODRIVER-2112] GoDriver(1.7.0)/mongodump(version:100.4.1) failed to connect to mongodb cluster 4.0 in ssl mode Created: 31/Jul/21 Updated: 27/Oct/23 Resolved: 01/Sep/21 |
|
| Status: | Closed |
| Project: | Go Driver |
| Component/s: | None |
| Affects Version/s: | 1.7.0 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Ye Liang | Assignee: | Benji Rewis (Inactive) |
| Resolution: | Gone away | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
x86_64 |
||
| Issue Links: |
|
||||
| Description |
|
1, When I use GoDriver(1.7.0) to connect mongodb cluster 4.0 in ssl mode, the error occurs as below:
2, As known that mongodump used the GoDriver. So, I also tried to use the lasted mongodump(version:100.4.1) to connect mongodb cluster 4.0 in ssl mode, it also has the same error:
3, About point 1 and point 2, the configuration in mongodb cluster mongos node is: => But, when I add AES256-GCM-SHA384:AES128-GCM-SHA256 in sslCipherConfig and restart node; all the connections(point 1 and point 2) become okay. 4, Question: |
| Comments |
| Comment by Benji Rewis (Inactive) [ 08/Sep/21 ] | ||||
|
No worries yeliang1006@163.com! So I haven't been able to reproduce the error you're seeing on mongodump 100.5.0 or 100.4.1. Nor can I reproduce that server selection timeout on a sharded cluster with the same configuration as the one you've described with Go driver 1.7.0 or 1.7.1.
Could you include the code you're using to connect to the Go driver? That might help me reproduce the issue. | ||||
| Comment by Ye Liang [ 03/Sep/21 ] | ||||
|
So sorry for late reply. | ||||
| Comment by Backlog - Core Eng Program Management Team [ 01/Sep/21 ] | ||||
|
There hasn't been any recent activity on this ticket, so we're resolving it. Thanks for reaching out! Please feel free to comment on this if you're able to provide more information. | ||||
| Comment by Benji Rewis (Inactive) [ 17/Aug/21 ] | ||||
|
Apologies for the delayed response yeliang1006@163.com ! We’re still actively investigating this issue, but I’ve had some trouble reproducing this error with both mongodump (100.5.0) and the raw Go driver (1.7.1) connected to a sharded cluster with the same setup as you’ve described. Judging from the mongodump code, I believe the error you’re seeing is just a server selection timeout in the initial Connect to the cluster here. It sounds like you’ve tried connecting to your sharded cluster just using the raw Go driver. Does that produce the same server selection timeout? And, could you share the code you’re using to connect to your cluster with the Go driver? From what I can tell, we should support DHE-RSA-AES256-GMC-SHA384 as an SSL cipher config. I believe the stronger security is introducing more latency in the initial SSL handshake and causing a timeout. But, unless your latency is already very high, it’s odd that the slightly weaker security would succeed in connecting. | ||||
| Comment by Ye Liang [ 04/Aug/21 ] | ||||
|
Thank you for you reply! 1,I tried to use Go driver 1.7.1, and still the same error:
2,Because there is no mongodump(100.5.0) in release notes yet; So, I build mongodump by myself: And, the same error also occurs:
=> Can you help to confirm this ? | ||||
| Comment by Benji Rewis (Inactive) [ 03/Aug/21 ] | ||||
|
Thanks for your bug report yeliang1006@163.com! That does sound like it might be an issue with the Go driver. My guess is that this server selection timeout is due to a bug discovered in 1.7.0, GODRIVER-2105, that will be fixed in Go driver version 1.7.1 and back ported to Go driver version 1.6.1. This bug happens when copying copious amounts of data from an open cursor to a local copy under high network latency. I think that using DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256 as the sslCipherConfig increases network latency and makes the bug visible. Using AES256-GCM-SHA384:AES128-GCM-SHA256 probably decreases latency (since it represents weaker security) and makes the server selection timeout less common. mongodump should have a new version based on Go driver 1.7.1 once |