[JAVA-2244] Allow TLS 1.2 SSL connections with MongoDB and JDK 7 Created: 14/Jul/16  Updated: 16/Aug/19  Resolved: 15/Sep/16

Status: Closed
Project: Java Driver
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Emilio Scalise Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by JAVA-3386 Add Java driver example of forcing TL... Closed
Related

 Description   

Java 8 will use TLS 1.2 by default starting with JDK 8u5. This is described in the Java bug ticket JDK-7093640.

Running on JDK 7, in order to use TLS 1.2, the MongoDB Java driver should explicitly request TLS 1.2 by using code similar to this:

SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(null, null, null); // JDK default key managers, trust managers, and secure random
SSLContext.setDefault(context);

In the MongoDB Java source code currently SSLContext is called in this way:

                    SSLEngine engine = SSLContext.getDefault().createSSLEngine(address.getHost(), address.getPort());

This will mean that TLS 1.2 will be used with JDK 8 as it's the default protocol and not used with JDK 7, as it's not the default protocol.

Is it possible to add to the MongoDB Java driver a configuration parameter to explicitly enable TLS 1.2 and request it in the SSLContext creation?



 Comments   
Comment by Jeffrey Yemin [ 14/Jul/16 ]

The code you linked to is in NettyStream, which is only used by the asynchronous API. The code path for the synchronous API is here. Note that it uses a provided SocketFactory, which is optionally configured via MongoClientOptions:

       SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
       // initialize the context with key manager, trust manager, and secure random
       // (null arguments select the JDK defaults)
       sslContext.init(null, null, null);

       MongoClientOptions options = MongoClientOptions.builder()
                .socketFactory(sslContext.getSocketFactory())
                .build();

This is your best bet for the synchronous API. Let me know if this is a request for control of SSL in the asynchronous API.
