[SERVER-48533] Centos 7 mongodb-org-server-3.6 rpm ssl connection failure with PKCS disabled on client Created: 02/Jun/20  Updated: 01/Jul/20  Resolved: 01/Jul/20

Status: Closed
Project: Core Server
Component/s: Packaging
Affects Version/s: 3.6.18
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Ryan Krumins Assignee: Shreyas Kalyan
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File image-2020-06-02-12-24-50-986.png    
Issue Links:
Duplicate
duplicates SERVER-36616 Enable ECDHE support if platform supp... Closed
Operating System: ALL
Steps To Reproduce:
  1. Ensure mongod is configured to accept ssl connections on CentOS7 v3.6
  2. Ensure PKCS is disabled as a key exchange algorithm in SChannel on windows host
  3. Have C# driver program connect with client certificate
  4. Observe C# program should successfully connect
Sprint: Security 2020-06-29, Security 2020-07-13
Participants:

 Description   

C# client libraries running on Windows 2012 R2 with select SChannel algorithms disabled as below seen from IISCrypto:

Connecting with TLS 1.2 with client certificate presented to CentoOS 7 mongod, rpm version:
mongodb-org-server-3.6.18-1.el7.x86_64

Connection fails with the below log lines when full verbosity enabled:

020-05-22T03:12:54.931+0000 I NETWORK [listener] connection accepted from 10.4.3.137:62577 #85 (5 connections now open)
2020-05-22T03:12:54.931+0000 D EXECUTOR [listener] Starting new executor thread in passthrough mode
2020-05-22T03:12:54.932+0000 D NETWORK [conn85] Session from 10.4.3.137:62577 encountered a network error during SourceMessage
2020-05-22T03:12:54.932+0000 I NETWORK [conn85] end connection 10.4.3.137:62577 (4 connections now open)

Shared ciphers reported under these conditions are:

ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA

Having the C# driver connect to 'openssl s_server' with these ciphers gives a successful connection. Connecting to mongod using 'openssl s_client' with these ciphers set results in the same disconnection the C# driver sees.

Replacing mongod with a locally compiled binary of 3.6 produces a mongod that does accept connections under these conditions.



 Comments   
Comment by Shreyas Kalyan [ 01/Jul/20 ]

MongoDB version 3.6 compiled on Centos 7 does not support Elliptic Curve negotiation.

On Centos 7, MongoDB releases only one version of the MongoDB server. However, Centos 7 has a different version of OpenSSL on each minor version. There was a jump from OpenSSL 1.0.1 to OpenSSL 1.0.2 during the minor version releases of Centos 7. OpenSSL 1.0.1 did not fully support Elliptic Curves, whereas OpenSSL 1.0.2 supported it in a larger capacity. On Centos 7, the server is compiled against OpenSSL 1.0.1.

To have support for Elliptic on versions 4.2 in Centos 7 with OpenSSL 1.0.1, the server needed to check some flags internally in OpenSSL. This check was not backported to 3.6. Because of this, the version run in the example above is unable to connect to the elliptic curve algorithms. However, when locally compiled on Centos 7, the driver was likely able to connect because the server was compiled against OpenSSL version 1.0.2, which supports elliptic curves without the flag.

If the use of elliptic curves is desired, then it is recommended that the server is upgraded to either 4.2 or that the server is locally compiled on the machine.

Ticket for where the check was implemented

Comment by Carl Champain (Inactive) [ 08/Jun/20 ]

Hi ryan.krumins@gmail.com,

Thank you for the report.
We're passing this ticket along to the appropriate team for further investigation. Updates will be posted on this ticket as they happen.

Kind regards,
Carl
 

Generated at Thu Feb 08 05:17:24 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.