<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 09:00:01 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[JAVA-3614] Connections now always require a two way trust with no way to disable?</title>
                <link>https://jira.mongodb.org/browse/JAVA-3614</link>
                <project id="10006" key="JAVA">Java Driver</project>
                    <description>&lt;p&gt;I somewhat guess that this is a bug, or at least, a compatibility issue and/or missing feature.&lt;/p&gt;

&lt;p&gt;Using a java driver version between 3.10 and 3.12.1 (more generally, a version supporting MongoDB 4.0), i observe the following:&lt;/p&gt;

&lt;p&gt;If i try to connect to a MongoDB 3.6 instance by username and password, secured by ssl, it works as it did in previous versions of the java driver. More precisely, as seen from output with -Djavax.net.debug=all , the server sends his certificate to be validated by the driver. The client (so, my program using the java driver), does not even try to send its own certificate and MongoDB is happy with that.&lt;/p&gt;

&lt;p&gt;I also duplicated the same data, users, passwords and all into a newer MongoDB 4.0 instance for testing. If i try to connect with that, it fails. As seen with &lt;em&gt;-Djavax.net.debug=all&lt;/em&gt;, it tries several times before exiting with&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Database connection verification failed: Timed out after &lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;30000&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; ms &lt;/span&gt;&lt;span style=&quot;color: #006699; font-weight: bold; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;while&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=&#8230;, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketReadException: Prematurely reached end of stream}}] &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;Also, this MongoDB 4.0 instance several times logs the following:&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;I NETWORK&#160; [listener] connection accepted from &lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;10.210&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;53.230&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;:&lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;55362&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; #&lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;368&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; (&lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;1&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; connection now open)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;E NETWORK&#160; [conn368] SSL peer certificate validation failed: (800B0109)A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;E NETWORK&#160; [conn368] SSL peer certificate validation failed: (800B0109)A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;D -&#160;&#160;&#160;&#160;&#160;&#160;&#160; [conn368] User Assertion: SSLHandshakeFailed: SSL peer certificate validation failed: (800B0109)A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. C:\data\mci\234eaebb96d72f5e8aef1024be83238a\src\src\mongo/transport/session_asio.h &lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;621&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;I NETWORK&#160; [conn368] Error receiving request from client: SSLHandshakeFailed: SSL peer certificate validation failed: (800B0109)A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.. Ending connection from &lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;10.210&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;53.230&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;:&lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;55362&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; (connection id: &lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;368&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;I NETWORK&#160; [conn367] end connection &lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;10.210&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;.&lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;53.230&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;:&lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;55361&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; (&lt;/span&gt;&lt;span style=&quot;color: #009900; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;0&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; connections now open) &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;This is consistent with the output from &lt;em&gt;-Djavax.net.debug=all&lt;/em&gt; where i can tell that, connecting to the newer MongoDB 4.0 instance, my program now also sends his certificate to MongoDB &#8211; which is not happy about that (as seen above). My program trusts the server, but this is not true for the other direction in general. It can be for some environments using my program, but does not have to be.&lt;/p&gt;

&lt;p&gt;Furthermore, I&#8217;m not sure if it would suffice to tell them to use a trusted certificate on both ends (if even feasible). Sometimes the MongoDB instance will run on a Windows Server with many trusted certification authorities. Since MongoDB 4.0 started to use Windows&#8217; own mechanisms (schannel), every time the driver tries to connect, Windows complains about its limitation that it cannot present all of them to my &#8220;client&#8221; (Schannel Event 36885). Because of that, it seems possible that even a valid &#8220;client&#8221; certificate, would not be recognized as valid and this 2-way-trust would be doomed anyhow.&lt;/p&gt;

&lt;p&gt;Both points might be resolvable by administrators of some environments, but not for all of them.&lt;/p&gt;

&lt;p&gt;I did not find a way to disable this new two-way trust to let the administrator of those environments decide what to do. Did i overlook something or is such a possibility missing at the moment?&lt;/p&gt;</description>
                <environment></environment>
        <key id="1121937">JAVA-3614</key>
            <summary>Connections now always require a two way trust with no way to disable?</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="jeff.yemin@mongodb.com">Jeffrey Yemin</assignee>
                                    <reporter username="josef.haertl@ldbv.bayern.de">Josef Haertl</reporter>
                        <labels>
                    </labels>
                <created>Thu, 30 Jan 2020 12:42:46 +0000</created>
                <updated>Thu, 13 Feb 2020 13:55:31 +0000</updated>
                            <resolved>Thu, 13 Feb 2020 13:55:31 +0000</resolved>
                                    <version>3.10.0</version>
                    <version>3.10.1</version>
                    <version>3.10.2</version>
                    <version>3.11.0</version>
                    <version>3.11.1</version>
                    <version>3.11.2</version>
                    <version>3.12.0</version>
                    <version>3.12.1</version>
                                                    <component>Authentication</component>
                    <component>Connection Management</component>
                                        <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="2876393" author="jeff.yemin" created="Thu, 13 Feb 2020 13:55:21 +0000"  >&lt;p&gt;I don&apos;t see anything that we can change in the driver to address this issue.&lt;/p&gt;

&lt;p&gt;I&apos;m going to close this now, but please comment back if there&apos;s anything more that you would like to discuss.&lt;/p&gt;</comment>
                            <comment id="2785068" author="josef.haertl@ldbv.bayern.de" created="Wed, 5 Feb 2020 16:45:21 +0000"  >&lt;p&gt;Thanks for your in-depth research on this.&lt;/p&gt;

&lt;p&gt;This sounds like it&apos;s a MongoDB4-Windows-SChannel-thing, not something the mongo java driver could solve?&lt;/p&gt;

&lt;p&gt;Potentially, one could extend MongoDB&apos;s net -&amp;gt; ssl -&amp;gt; allowConnectionsWithoutCertificates to also cover this case where SChannel &quot;extorts&quot; sending a potential invalid certificate?&lt;/p&gt;

&lt;p&gt;For now, i constructed some workaround with a custom java.net.ssl.SSLContext.&lt;/p&gt;

&lt;p&gt;In short, this workaround extracts the current TrustManagers from the current keystore and constructs a new SSLContext that uses the default TrustManagers, but a nulled KeyManager (so, no private keys). If given to the mongo java driver this results in java noting&lt;/p&gt;

&lt;p&gt;&quot;Warning: no suitable certificate found - continuing &lt;b&gt;without client authentication&lt;/b&gt;&quot;&lt;/p&gt;

&lt;p&gt;which is quite what i want it to do. Then connection succeeds.&lt;/p&gt;

&lt;p&gt;I&apos;ve uploaded an updated example with this workaround. It also contains a new artificial set of rootCA/servercert to verify that the server certificate is still verified by the client (and thus would fail).&lt;/p&gt;

&lt;p&gt;A solution more simple would be welcome, but i hope this suffices for now.&lt;/p&gt;</comment>
                            <comment id="2783869" author="mark.benvenuto" created="Tue, 4 Feb 2020 22:52:47 +0000"  >&lt;p&gt;Yes, SChannel behaves differently then OpenSSL in that it does not advertise the &quot;Distinguished Names&quot; of certificates it supports in the &quot;Certificate Request&quot; TLS message. I could not find any flags to change it to advertise the supported distinguished names. I think customers will need to use a custom &lt;tt&gt;java.nt.ssl.SSLContext&lt;/tt&gt; to be more explicit.&lt;/p&gt;

&lt;p&gt;Also, macOS SecureTransport does not set &quot;Distinguished Names&quot; in 10.14 (Mojave).&lt;/p&gt;

&lt;p&gt;Per &lt;a href=&quot;https://tools.ietf.org/html/rfc5246#section-7.4.4&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://tools.ietf.org/html/rfc5246#section-7.4.4&lt;/a&gt;&lt;/p&gt;
&lt;blockquote&gt;

&lt;p&gt;   certificate_authorities&lt;br/&gt;
      A list of the distinguished names &lt;span class=&quot;error&quot;&gt;&amp;#91;X501&amp;#93;&lt;/span&gt; of acceptable&lt;br/&gt;
      certificate_authorities, represented in DER-encoded format.  These&lt;br/&gt;
      distinguished names may specify a desired distinguished name for a&lt;br/&gt;
      root CA or for a subordinate CA; thus, this message can be used to&lt;br/&gt;
      describe known roots as well as a desired authorization space.  If&lt;br/&gt;
      the certificate_authorities list is empty, then the client MAY&lt;br/&gt;
      send any certificate of the appropriate ClientCertificateType,&lt;br/&gt;
      unless there is some external arrangement to the contrary.&lt;/p&gt;&lt;/blockquote&gt;</comment>
                            <comment id="2776266" author="josef.haertl@ldbv.bayern.de" created="Fri, 31 Jan 2020 10:25:18 +0000"  >&lt;p&gt;Hi&#160;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=jeff.yemin&quot; class=&quot;user-hover&quot; rel=&quot;jeff.yemin&quot;&gt;jeff.yemin&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;to avoid publishing sensitive internal information, i constructed a working minimal example with artificially created certificates and keystore.&lt;/p&gt;

&lt;p&gt;example.7z contains a Maven project, the requested log files and the keystore in full. Also all certificates and keys used in the example.&lt;/p&gt;

&lt;p&gt;MongoDB Instance configuration.7z contains the configuration i used for the MongoDB instances derived from that. It should work with MongoDB 3.6 as well as Mongodb 4.0. allowConnectionsWithoutCertificates would be required to allow connection without client certificate in 3.6,&#160;allowInvalidHostnames is only contained for this example (because my cert does not reflect the server&apos;s name).&lt;/p&gt;</comment>
                            <comment id="2773712" author="jeff.yemin" created="Thu, 30 Jan 2020 20:08:22 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=josef.haertl%40ldbv.bayern.de&quot; class=&quot;user-hover&quot; rel=&quot;josef.haertl@ldbv.bayern.de&quot;&gt;josef.haertl@ldbv.bayern.de&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Please attach the &lt;tt&gt;javax.net.debug&lt;/tt&gt; logs for both the 3.6 and the 4.0 scenarios, so we can take a look at what the difference is between them.&lt;/p&gt;

&lt;p&gt;Also, using the keytool command please list and print&#160; (&#8211;list and --printcert) all the certificates contained therein) all the certificates in the application key store.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                            <attachment id="245031" name="MongoDB Instance configuration.7z" size="4485" author="josef.haertl@ldbv.bayern.de" created="Fri, 31 Jan 2020 10:19:52 +0000"/>
                            <attachment id="245757" name="example with workaround.7z" size="209719" author="josef.haertl@ldbv.bayern.de" created="Wed, 5 Feb 2020 16:44:35 +0000"/>
                            <attachment id="245029" name="example.7z" size="182909" author="josef.haertl@ldbv.bayern.de" created="Fri, 31 Jan 2020 10:16:49 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hwad6v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>