<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 06:52:54 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-83695] Customer facing SSL certificate errors PyMongo v6.0: &quot;Unsafe Legacy Renegotiation&quot;</title>
                <link>https://jira.mongodb.org/browse/SERVER-83695</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Linked Ticket: HELP-51899&lt;/p&gt;

&lt;p&gt;Customer reports now being unable to connect to Mongo Server v6.0. Further troubleshooting showed:&#160;&lt;/p&gt;


&lt;blockquote&gt;&lt;p&gt;Customer installed pymongo with OCSP extension and is still facing the error. Please observe the below details shared by the customer.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;after installing ocsp, when I tried to run the project code, here&apos;s the error,&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;raise ServerSelectionTimeoutError(&lt;br/&gt;
pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed:&#160;&lt;a href=&quot;http://test-shard-00-02.vkupj.mongodb.net:27017/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;test-shard-00-02.vkupj.mongodb.net:27017&lt;/a&gt;:&#160;&lt;span class=&quot;error&quot;&gt;&amp;#91;(&amp;#39;SSL routines&amp;#39;, &amp;#39;&amp;#39;, &amp;#39;unsafe legacy renegotiation disabled&amp;#39;)&amp;#93;&lt;/span&gt;,SSL handshake failed:&#160;&lt;a href=&quot;http://test-shard-00-01.vkupj.mongodb.net:27017/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;test-shard-00-01.vkupj.mongodb.net:27017&lt;/a&gt;:&#160;&lt;span class=&quot;error&quot;&gt;&amp;#91;(&amp;#39;SSL routines&amp;#39;, &amp;#39;&amp;#39;, &amp;#39;unsafe legacy renegotiation disabled&amp;#39;)&amp;#93;&lt;/span&gt;,SSL handshake failed:&#160;&lt;a href=&quot;http://test-shard-00-00.vkupj.mongodb.net:27017/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;test-shard-00-00.vkupj.mongodb.net:27017&lt;/a&gt;:&#160;&lt;span class=&quot;error&quot;&gt;&amp;#91;(&amp;#39;SSL routines&amp;#39;, &amp;#39;&amp;#39;, &amp;#39;unsafe legacy renegotiation disabled&amp;#39;)&amp;#93;&lt;/span&gt;, Timeout: 30s, Topology Description: &amp;lt;TopologyDescription id: 655d9db56926ac5f551bf8d4, topology_type: ReplicaSetNoPrimary, servers: [&amp;lt;ServerDescription (&apos;&lt;a href=&quot;http://test-shard-00-00.vkupj.mongodb.net/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;test-shard-00-00.vkupj.mongodb.net&lt;/a&gt;&apos;, 27017) server_type: Unknown, rtt: None, error=AutoReconnect(&quot;SSL handshake failed:&#160;&lt;a href=&quot;http://test-shard-00-00.vkupj.mongodb.net:27017/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow 
noopener&quot;&gt;test-shard-00-00.vkupj.mongodb.net:27017&lt;/a&gt;:&#160;&lt;span class=&quot;error&quot;&gt;&amp;#91;(&amp;#39;SSL routines&amp;#39;, &amp;#39;&amp;#39;, &amp;#39;unsafe legacy renegotiation disabled&amp;#39;)&amp;#93;&lt;/span&gt;&quot;)&amp;gt;, &amp;lt;ServerDescription (&apos;&lt;a href=&quot;http://test-shard-00-01.vkupj.mongodb.net/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;test-shard-00-01.vkupj.mongodb.net&lt;/a&gt;&apos;, 27017) server_type: Unknown, rtt: None, error=AutoReconnect(&quot;SSL handshake failed:&#160;&lt;a href=&quot;http://test-shard-00-01.vkupj.mongodb.net:27017/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;test-shard-00-01.vkupj.mongodb.net:27017&lt;/a&gt;:&#160;&lt;span class=&quot;error&quot;&gt;&amp;#91;(&amp;#39;SSL routines&amp;#39;, &amp;#39;&amp;#39;, &amp;#39;unsafe legacy renegotiation disabled&amp;#39;)&amp;#93;&lt;/span&gt;&quot;)&amp;gt;, &amp;lt;ServerDescription (&apos;&lt;a href=&quot;http://test-shard-00-02.vkupj.mongodb.net/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;test-shard-00-02.vkupj.mongodb.net&lt;/a&gt;&apos;, 27017) server_type: Unknown, rtt: None, error=AutoReconnect(&quot;SSL handshake failed:&#160;&lt;a href=&quot;http://test-shard-00-02.vkupj.mongodb.net:27017/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;test-shard-00-02.vkupj.mongodb.net:27017&lt;/a&gt;:&#160;&lt;span class=&quot;error&quot;&gt;&amp;#91;(&amp;#39;SSL routines&amp;#39;, &amp;#39;&amp;#39;, &amp;#39;unsafe legacy renegotiation disabled&amp;#39;)&amp;#93;&lt;/span&gt;&quot;)&amp;gt;]&amp;gt;&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;&#160;&lt;/p&gt;

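&lt;p&gt;This error should mean the server is attempting renegotiation. However, PyOpenSSL has exposed the `OP_NO_RENEGOTIATION` flag since 22.0.0 and the customer is on 23.2.0. We&apos;re thinking of supporting renegotiation through pymongo by adding the OP_LEGACY_SERVER_CONNECT flag. Note that OpenSSL documents OP_LEGACY_SERVER_CONNECT as allowing legacy insecure renegotiation with unpatched servers, i.e. servers that do not support the secure renegotiation extension (RFC 5746), so setting it relaxes a client-side protection rather than only restoring compatibility.&#160;&lt;/p&gt;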

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;This end result has led to two main questions:&#160;&lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;Is this the correct deduction of the issue the customer is facing? Is there enough evidence from the HELP ticket to support that this may be server-side?&lt;/li&gt;
	&lt;li&gt;Regardless of the true issue the customer is facing, is there anything wrong with introducing a flag to support OP_LEGACY_SERVER_CONNECT for server connections? Would that expose the client to a potential MITM attack?&lt;/li&gt;
&lt;/ol&gt;


&lt;p&gt;&#160;&lt;/p&gt;</description>
                <environment></environment>
        <key id="2511240">SERVER-83695</key>
            <summary>Customer facing SSL certificate errors PyMongo v6.0: &quot;Unsafe Legacy Renegotiation&quot;</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="2">Won&apos;t Fix</resolution>
                                        <assignee username="gabriel.marks@mongodb.com">Gabriel Marks</assignee>
                                    <reporter username="jib.adegunloye@mongodb.com">Jib Adegunloye</reporter>
                        <labels>
                    </labels>
                <created>Tue, 28 Nov 2023 21:31:02 +0000</created>
                <updated>Sat, 3 Feb 2024 00:02:55 +0000</updated>
                            <resolved>Mon, 18 Dec 2023 17:53:08 +0000</resolved>
                                                                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="5910644" author="JIRAUSER1274533" created="Tue, 28 Nov 2023 21:32:17 +0000"  >&lt;p&gt;ping: &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=spencer.jackson%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;spencer.jackson@mongodb.com&quot;&gt;spencer.jackson@mongodb.com&lt;/a&gt;&#160;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="2565328">DRIVERS-2823</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_12751" key="com.atlassian.jira.plugin.system.customfieldtypes:multiselect">
                        <customfieldname>Assigned Teams</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="25129"><![CDATA[Server Security]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 18 Dec 2023 17:53:08 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        10 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>bernie@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            10 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>gabriel.marks@mongodb.com</customfieldvalue>
            <customfieldvalue>jib.adegunloye@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i32b9j:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i2k3z0:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="7709">Security 2023-12-11</customfieldvalue>
    <customfieldvalue id="7710">Security 2023-12-25</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|i31xev:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>