<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:17:24 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-48533] Centos 7 mongodb-org-server-3.6 rpm ssl connection failure with PKCS disabled on client</title>
                <link>https://jira.mongodb.org/browse/SERVER-48533</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;C# client libraries running on Windows 2012 R2 with select SChannel algorithms disabled as below seen from IISCrypto:&lt;/p&gt;

&lt;p&gt;&lt;span class=&quot;image-wrap&quot; style=&quot;&quot;&gt;&lt;img src=&quot;https://jira.mongodb.org/secure/attachment/263715/263715_image-2020-06-02-12-24-50-986.png&quot; style=&quot;border: 0px solid black&quot; /&gt;&lt;/span&gt;&lt;/p&gt;

&lt;p&gt;Connecting with TLS 1.2 with client certificate presented to CentoOS 7 mongod, rpm version:&lt;br/&gt;
mongodb-org-server-3.6.18-1.el7.x86_64&lt;/p&gt;

&lt;p&gt;Connection fails with the below log lines when full verbosity enabled:&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;020-05-22T03:12:54.931+0000 I NETWORK &lt;span class=&quot;error&quot;&gt;&amp;#91;listener&amp;#93;&lt;/span&gt; connection accepted from 10.4.3.137:62577 #85 (5 connections now open)&lt;/tt&gt;&lt;br/&gt;
&lt;tt&gt;2020-05-22T03:12:54.931+0000 D EXECUTOR &lt;span class=&quot;error&quot;&gt;&amp;#91;listener&amp;#93;&lt;/span&gt; Starting new executor thread in passthrough mode&lt;/tt&gt;&lt;br/&gt;
&lt;tt&gt;2020-05-22T03:12:54.932+0000 D NETWORK &lt;span class=&quot;error&quot;&gt;&amp;#91;conn85&amp;#93;&lt;/span&gt; Session from 10.4.3.137:62577 encountered a network error during SourceMessage&lt;/tt&gt;&lt;br/&gt;
&lt;tt&gt;2020-05-22T03:12:54.932+0000 I NETWORK &lt;span class=&quot;error&quot;&gt;&amp;#91;conn85&amp;#93;&lt;/span&gt; end connection 10.4.3.137:62577 (4 connections now open)&lt;/tt&gt;&lt;/p&gt;

&lt;p&gt;Shared ciphers reported under these conditions are:&lt;/p&gt;

&lt;p&gt;ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA&lt;/p&gt;

&lt;p&gt;Having the C# driver connect to &apos;openssl s_server&apos; with these ciphers gives a successful connection. Connecting to mongod using &apos;openssl s_client&apos; with these ciphers set results in the same disconnection the C# driver sees.&lt;/p&gt;

&lt;p&gt;Replacing mongod with a locally compiled binary of 3.6 produces a mongod that does accept connections under these conditions.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1368876">SERVER-48533</key>
            <summary>Centos 7 mongodb-org-server-3.6 rpm ssl connection failure with PKCS disabled on client</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="4" iconUrl="https://jira.mongodb.org/images/icons/priorities/minor.svg">Minor - P4</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="shreyas.kalyan@mongodb.com">Shreyas Kalyan</assignee>
                                    <reporter username="ryan.krumins@gmail.com">Ryan Krumins</reporter>
                        <labels>
                    </labels>
                <created>Tue, 2 Jun 2020 02:36:57 +0000</created>
                <updated>Wed, 1 Jul 2020 02:04:39 +0000</updated>
                            <resolved>Wed, 1 Jul 2020 02:04:38 +0000</resolved>
                                    <version>3.6.18</version>
                                                    <component>Packaging</component>
                                        <votes>0</votes>
                                    <watches>6</watches>
                                                                                                                <comments>
                            <comment id="3251798" author="shreyas.kalyan" created="Wed, 1 Jul 2020 02:03:29 +0000"  >&lt;p&gt;MongoDB version 3.6 compiled on Centos 7 does not support Elliptic Curve negotiation.&lt;/p&gt;

&lt;p&gt;On Centos 7, MongoDB releases only one version of the MongoDB server. However, Centos 7 has a different version of OpenSSL on each minor version. There was a jump from OpenSSL 1.0.1 to OpenSSL 1.0.2 during the minor version releases of Centos 7. OpenSSL 1.0.1 did not fully support Elliptic Curves, whereas OpenSSL 1.0.2 supported it in a larger capacity. On Centos 7, the server is compiled against OpenSSL 1.0.1.&lt;/p&gt;

&lt;p&gt;To have support for Elliptic on versions 4.2 in Centos 7 with OpenSSL 1.0.1, the server needed to check some flags internally in OpenSSL. This check was not backported to 3.6. Because of this, the version run in the example above is unable to connect to the elliptic curve algorithms. However, when locally compiled on Centos 7, the driver was likely able to connect because the server was compiled against OpenSSL version 1.0.2, which supports elliptic curves without the flag.&lt;/p&gt;

&lt;p&gt;If the use of elliptic curves is desired, then it is recommended that the server is upgraded to either 4.2 or that the server is locally compiled on the machine.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-36616&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;Ticket for where the check was implemented &lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3195330" author="carl.champain" created="Mon, 8 Jun 2020 17:20:23 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=ryan.krumins%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;ryan.krumins@gmail.com&quot;&gt;ryan.krumins@gmail.com&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Thank you for the report.&lt;br/&gt;
 We&apos;re passing this ticket along to the appropriate team for further investigation. Updates will be posted on this ticket as they happen.&lt;/p&gt;

&lt;p&gt;Kind regards,&lt;br/&gt;
 Carl&lt;br/&gt;
 &#160;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="587755">SERVER-36616</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="263715" name="image-2020-06-02-12-24-50-986.png" size="65036" author="ryan.krumins@gmail.com" created="Tue, 2 Jun 2020 02:24:55 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 8 Jun 2020 17:20:23 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        3 years, 32 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>shreyas.kalyan@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            3 years, 32 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>carl.champain@mongodb.com</customfieldvalue>
            <customfieldvalue>ryan.krumins@gmail.com</customfieldvalue>
            <customfieldvalue>shreyas.kalyan@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hxo2cv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hxb8z3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="4035">Security 2020-06-29</customfieldvalue>
    <customfieldvalue id="4036">Security 2020-07-13</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10750" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Steps To Reproduce</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;ol&gt;
	&lt;li&gt;Ensure mongod is configured to accept ssl connections on CentOS7 v3.6&lt;/li&gt;
	&lt;li&gt;Ensure PKCS is disabled as a key exchange algorithm in SChannel on windows host&lt;/li&gt;
	&lt;li&gt;Have C# driver program connect with client certificate&lt;/li&gt;
	&lt;li&gt;Observe C# program should successfully connect&lt;/li&gt;
&lt;/ol&gt;
</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hxnom7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>