[SERVER-12966] SSL connection error from client does not mention SSL Created: 28/Feb/14 Updated: 02/Mar/14 Resolved: 28/Feb/14 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Networking, Security |
| Affects Version/s: | 2.6.0-rc0 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Tyler Brock | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | 26qa | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Participants: | |||||||||||||
| Description |
|
This is the message when you connect using a client without ssl to a server that requires SSL:
The server logs have great messaging here but the client's message tells me absolutely nothing about SSL being the problem. |
| Comments |
| Comment by Andreas Nilsson [ 28/Feb/14 ] |
|
Can we copy a revised version of Andy's comments maybe and put them in the other ticket so we don't loose information. |
| Comment by Tyler Brock [ 28/Feb/14 ] |
|
ok, closing it out. |
| Comment by Tyler Brock [ 28/Feb/14 ] |
|
Yes, I agree. I'm simply saying that in the absence of being able to say for sure, which would obviously be better, we should at least provide the suggestion. Right now as it stands a user of the shell you have absolutely no indication the problem could be SSL/TLS/security anything if you see this. |
| Comment by Andreas Nilsson [ 28/Feb/14 ] |
|
This duplicates SERVER-11292. See my comments on alternative solutions there. |
| Comment by Andy Schwerin [ 28/Feb/14 ] |
|
Well, it's also possible that you're talking on the wrong port, to a different service, or that your firewall is misconfigured, among other possibilities. Without some feedback from the remote about what went wrong, we're guessing. |
| Comment by Tyler Brock [ 28/Feb/14 ] |
|
Why don't we just also print a message like "It's possible this host only accepts SSL connections" |
| Comment by Andy Schwerin [ 28/Feb/14 ] |
|
andreas.nilsson@10gen.com, any other clever ideas on this one? |
| Comment by Andy Schwerin [ 28/Feb/14 ] |
|
Because we have layered TLS/SSL below the messaging layer, it's difficult to do anything more than hang up the connection. Here are some ideas, though:
|
| Comment by Eric Milkie [ 28/Feb/14 ] |
|
Is this an issue with all the drivers, not just the shell using the c++ driver? |