<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:15:49 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-2624] Topology scanner renegotiates TLS on each heartbeat</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-2624</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;Every heartbeatFrequencyMS, the driver calls &quot;isMaster&quot; on all established monitoring connections. At least with Windows SChannel, and perhaps with OpenSSL and Apple&apos;s Secure Transport as well, the driver begins a new TLS handshake even though the connection is already handshaken. When the server is built with Secure Transport or SChannel (which landed circa 3.7.4), it rejects this renegotiation and closes the connection.&lt;/p&gt;

&lt;p&gt;Servers using OpenSSL (which until recently was the server&apos;s only TLS implementation) will allow the renegotiation, so we didn&apos;t see errors from this bug in the past. Even now when the server might hang up on the client, the driver will usually recover by opening a new monitoring connection almost immediately, so we rarely see problems.&lt;/p&gt;

&lt;p&gt;This was discovered testing &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-2404&quot; title=&quot;End sessions 10,000 at a time&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-2404&quot;&gt;&lt;del&gt;CDRIVER-2404&lt;/del&gt;&lt;/a&gt;: since the driver can take more than heartbeatFrequencyMS to generate 10,001 client sessions, and since the driver is not allowed to reconnect in order send the endSessions command, it can fail to send the command and cause a test failure.&lt;/p&gt;</description>
                <environment></environment>
        <key id="532807">CDRIVER-2624</key>
            <summary>Topology scanner renegotiates TLS on each heartbeat</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="jesse@mongodb.com">A. Jesse Jiryu Davis</assignee>
                                    <reporter username="jesse@mongodb.com">A. Jesse Jiryu Davis</reporter>
                        <labels>
                    </labels>
                <created>Mon, 23 Apr 2018 21:24:03 +0000</created>
                <updated>Sat, 28 Oct 2023 11:29:54 +0000</updated>
                            <resolved>Tue, 24 Apr 2018 21:44:42 +0000</resolved>
                                    <version>1.8.0</version>
                                    <fixVersion>1.10.0</fixVersion>
                                    <component>tls</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="1873295" author="xgen-internal-githook" created="Tue, 24 Apr 2018 21:44:36 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;email&apos;: &apos;jesse@mongodb.com&apos;, &apos;username&apos;: &apos;ajdavis&apos;, &apos;name&apos;: &apos;A. Jesse Jiryu Davis&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-2624&quot; title=&quot;Topology scanner renegotiates TLS on each heartbeat&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-2624&quot;&gt;&lt;del&gt;CDRIVER-2624&lt;/del&gt;&lt;/a&gt; don&apos;t re-handshake TLS stream&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/c9406ff178d6a043cffb0b5d318da09a67e9372a&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/c9406ff178d6a043cffb0b5d318da09a67e9372a&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="1872805" author="jesse" created="Tue, 24 Apr 2018 16:17:43 +0000"  >&lt;p&gt;The driver renegotiates TLS on every server check - that is, every heartbeatFrequencyMS or every time a server check is requested for any other reason (according to SDAM logic). It does renegotiate if the driver is built with SChannel and Secure Transport, but does not renegotiate with OpenSSL. We lucked out with OpenSSL: we keep calling BIO_do_handshake but that function does nothing if the connection is already handshaken. I bet LibreSSL inherits OpenSSL&apos;s behavior here.&lt;/p&gt;

&lt;p&gt;There is no purpose to renegotiation, it&apos;s a bug.&lt;/p&gt;

&lt;p&gt;I&apos;m semi-confident this bug is only caused by client behavior, and will cause disconnects with any MongoDB server configuration, based on the Atlas test I just did.&lt;/p&gt;

&lt;p&gt;TLS renegotiation never occurs on application sockets, only monitoring sockets. For single clients, where sockets are shared, this will cause a renegotiation and disconnect on the shared sockets when they are used for monitoring. The driver will recover in both single and pooled mode because of safeguards like &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-2075&quot; title=&quot;Retry ismaster calls once&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-2075&quot;&gt;&lt;del&gt;CDRIVER-2075&lt;/del&gt;&lt;/a&gt;, often without visible errors.&lt;/p&gt;</comment>
                            <comment id="1872456" author="jmikola@gmail.com" created="Tue, 24 Apr 2018 13:26:59 +0000"  >&lt;blockquote&gt;&lt;p&gt;At least with Windows SChannel, and perhaps with OpenSSL and Apple&apos;s Secure Transport as well, the driver begins a new TLS handshake even though the connection is already handshaken. When the server is built with Secure Transport or SChannel (which landed circa 3.7.4), it rejects this renegotiation and closes the connection.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Given that 3.6 servers in Atlas are running with OpenSSL, your last comment demonstrates that this is reproducible when libmongoc is using Secure Transport. If I understand the OP correctly, this bug originated when testing libmongoc (with Secure Channel) against a 3.7 server using Secure Channel or Secure Transport.&lt;/p&gt;

&lt;p&gt;Is the issue caused by &lt;em&gt;either&lt;/em&gt; the client or server using something other than OpenSSL, or this entirely a bug with libmongoc&apos;s Secure Channel and Secure Transport implementations? Is LibreSSL unaffected?&lt;/p&gt;

&lt;hr /&gt;

&lt;p&gt;In the interest of improving my understanding of the subject, I have a few more questions. I&apos;m not very familiar with TLS renegotiation, but &lt;a href=&quot;https://stackoverflow.com/questions/27832559/what-is-the-purpose-of-ssl-tls-renegotiation&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;this Stack Overflow thread&lt;/a&gt; explains it as:&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;It occurs after either side has expired the session and continues sending data. It means either that the session has simply expired due to timeout, or that a peer wants to change the cipher suite, or wants to request a peer certificate and hasn&apos;t already done so.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;With regard to the driver, are we doing this for the benefit of long-running applications so that active connections can be kept alive when client and server certificates are updated externally? If so, I assume monitoring intervals are the sensible time to do so.&lt;/p&gt;

&lt;p&gt;Per SDAM, we know that threaded clients conduct all monitoring on a set of sockets separate from the application pool. I assume that TLS renegotiation occurs on those monitoring sockets alongside each &lt;tt&gt;isMaster&lt;/tt&gt;. If sockets in the application pool are not actively monitored (I assume we rely on TCP to keep them alive), when (if ever) does TLS renegotiation occur on those sockets?&lt;/p&gt;

&lt;p&gt;With respect to single-threaded clients, where the monitoring and application sockets are one and the same, it sounds like we expect TLS renogatiation to happen during &lt;em&gt;each&lt;/em&gt; monitoring event (just as with threaded clients). Is this only ever &lt;tt&gt;heartbeatFrequencyMS&lt;/tt&gt;? I know single-threaded clients increase their monitoring frequency after socket errors (following &lt;tt&gt;cooldownMS&lt;/tt&gt;), but I assume that would only entail initial TLS negotation since the sockets would be newly established.&lt;/p&gt;</comment>
                            <comment id="1872133" author="jesse" created="Tue, 24 Apr 2018 01:26:54 +0000"  >&lt;p&gt;Seems related, yes. I tried connecting to an Atlas server using C Driver 1.8.2 on Mac with Secure Transport and a URI like:&lt;/p&gt;

&lt;p&gt;&quot;mongodb://admin:PASSWORD@replicaset-shard-00-00-oztdp.mongodb-dev.net:27017,replicaset-shard-00-01-oztdp.mongodb-dev.net:27017,replicaset-shard-00-02-oztdp.mongodb-dev.net:27017/?replicaSet=replicaSet-shard-0&amp;amp;ssl=true&amp;amp;heartbeatfrequencyms=500&amp;amp;connectTimeoutMS=500&amp;amp;serverselectiontimeoutms=100&quot;&lt;/p&gt;

&lt;p&gt;This is the &quot;atlas_replset&quot; key in the mongo-c-driver Evergreen config, along with a particular set of timing fields meant to tickle the bug. I use this URI with a single mongoc_client_t and a loop like:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;while (true) {&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;   cursor = mongoc_collection_find_with_opts (&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;      collection,&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;      &amp;amp;query,&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;      NULL, &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;      NULL);&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&amp;nbsp;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;   while (mongoc_cursor_next (cursor, &amp;amp;doc)) {&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;      str = bson_as_canonical_extended_json (doc, NULL);&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;      fprintf (stdout, &quot;%s\n&quot;, str);&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;      bson_free (str);&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;   }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&amp;nbsp;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;   if (mongoc_cursor_error (cursor, &amp;amp;error)) {&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;      fprintf (stderr, &quot;Cursor Failure: %s\n&quot;, error.message);&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;      return EXIT_FAILURE;&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;   }&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&amp;nbsp;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;   sleep(1);&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;}&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;I saw that the Atlas servers hang up on the driver when it tries to renegotiate TLS, and within a few seconds the program logs and quits:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Cursor Failure: No suitable servers found (`serverSelectionTryOnce` set): [connection timeout calling ismaster on &apos;replicaset-shard-00-00-oztdp.mongodb-dev.net:27017&apos;] [connection timeout calling ismaster on &apos;replicaset-shard-00-01-oztdp.mongodb-dev.net:27017&apos;] [TLS handshake failed: -9806 calling ismaster on &apos;replicaset-shard-00-02-oztdp.mongodb-dev.net:27017&apos;]&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;In pooled mode the driver is more resilient, but suffers frequent pauses of several tenths of seconds while it&apos;s recovering from the server hangup and waiting for the opportunity to reconnect.&lt;/p&gt;

&lt;p&gt;With the patch applied that I&apos;m developing for this bug, the same program is resilient and doesn&apos;t suffer these pauses.&lt;/p&gt;</comment>
                            <comment id="1872008" author="jmikola@gmail.com" created="Mon, 23 Apr 2018 21:33:31 +0000"  >&lt;p&gt;How does this manifest itself with regard to error messages from libmongoc? An Atlas user recently reported &lt;a href=&quot;https://github.com/mongodb/mongo-php-driver/issues/791&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;mongodb/mongo-php-driver#791&lt;/a&gt; (off-shoot of MMSSUPPORT-19732) where they were experiencing random dropped connections and we&apos;ve not been able to identify the cause. Their error messages typically had the form:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;No suitable servers found (`serverSelectionTryOnce` set): &lt;span class=&quot;error&quot;&gt;&amp;#91;connection timeout calling ismaster on &amp;#39;cluster0-shard-00-00-b2gpc.mongodb.net:27017&amp;#39;&amp;#93;&lt;/span&gt; &lt;span class=&quot;error&quot;&gt;&amp;#91;connection timeout calling ismaster on &amp;#39;cluster0-shard-00-01-b2gpc.mongodb.net:27017&amp;#39;&amp;#93;&lt;/span&gt; &lt;span class=&quot;error&quot;&gt;&amp;#91;TLS handshake failed: -9806 calling ismaster on &amp;#39;cluster0-shard-00-02-b2gpc.mongodb.net:27017&amp;#39;&amp;#93;&lt;/span&gt;&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Their PHP driver is using Secure Transport and error code -9806 corresponds to &lt;a href=&quot;https://developer.apple.com/documentation/security/1503828-secure_transport_result_codes/errsslclosedabort&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;errSSLClosedAbort&lt;/a&gt;; however, that&apos;s about as far as we got. The fact that all connections timed out at once is interesting, although it could just as easily be a network connectivity issue on their application server.&lt;/p&gt;

&lt;p&gt;I&apos;m a bit baffled by the fact that we see only ony &quot;TLS handshake failed&quot; error message, but perhaps that&apos;s explained by Secure Transport (and Secure Channel) not yet supporting async negotiations.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="533192">PHPC-1169</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="678193">CDRIVER-2934</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|htnbrb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>