[SERVER-11528] Add option to copyDB and clone commands to allow outgoing non-SSL connections from an SSL-enabled server Created: 01/Nov/13  Updated: 10/Sep/18  Resolved: 10/Sep/18

Status: Closed
Project: Core Server
Component/s: Admin, Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Kyle Erf Assignee: DO NOT USE - Backlog - Platform Team
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by SERVER-25162 Make SSL connection for copyDatabase(... Closed
Related
Participants:

 Description   

The ability to create an unencrypted clone connection from an ssl-enabled mongod to a non-ssl remote mongod would be helpful for a few of our users. Currently there is no way to do this without changing ssl settings on the remote. This feature could just be a simple flag like ssl: false that works on mongod's compiled with ssl



 Comments   
Comment by Sara Williamson [ 10/Sep/18 ]

Went away with the removal of copydb.

Comment by Ramon Fernandez Marina [ 20/Jul/16 ]

SERVER-25162 describes a use case for Atlas where implementing this functionality could help:

If instance is started with SSL enabled (e.g. Atlas) and if db.copyDatabase() is executed - the mongod will attempt to establish outbound connection with SSL. Effectively that makes it impossible for users to use copyDatabase() for data migration into an Atlas cluster as the target mongod, if started without SSL, will process SSL handshake and if it uses SSL, the certificate validation is likely to fail.

Perhaps we could make SSL use for the outbound connection to be optional? (for copyDatabase() only)

Generated at Thu Feb 08 03:26:01 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.