Uploaded image for project: 'Python Driver'
  1. Python Driver
  2. PYTHON-2793

TLS handshake failure with CPython 3.10 and MongoDB <= 3.4

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.12.1
    • Affects Version/s: None
    • Component/s: None
    • None

      PyMongo fails to connect to MongoDB version <= 3.4 (all EOL versions) over TLS with CPython 3.10. This is likely related to TLS changes new in Python 3.10.

      [2021/06/30 20:22:56.477] ======================================================================
       [2021/06/30 20:22:56.477] FAIL [0.001s]: test_must_connect (test_client_context.TestClientContext)
       [2021/06/30 20:22:56.477] ----------------------------------------------------------------------
       [2021/06/30 20:22:56.477] Traceback (most recent call last):
       [2021/06/30 20:22:56.477]   File "C:\data\mci\7b535024a03064addba4e92db51c8886\src\test\test_client_context.py", line 28, in test_must_connect
       [2021/06/30 20:22:56.477]     self.assertTrue(client_context.connected,
       [2021/06/30 20:22:56.477] AssertionError: False is not true : client context must be connected when PYMONGO_MUST_CONNECT is set. Failed attempts:
       [2021/06/30 20:22:56.477] failed to connect client MongoClient(host=['localhost:27017'], document_class=dict, tz_aware=False, connect=True, serverselectiontimeoutms=5000): localhost:27017: [WinError 10054] An existing connection was forcibly closed by the remote host, Timeout: 5.0s, Topology Description: <TopologyDescription id: 60dcd28ffd7a6867a72c08fb, topology_type: Single, servers: [<ServerDescription ('localhost', 27017) server_type: Unknown, rtt: None, error=AutoReconnect('localhost:27017: [WinError 10054] An existing connection was forcibly closed by the remote host')>]>
       [2021/06/30 20:22:56.477] failed to connect client MongoClient(host=['localhost:27017'], document_class=dict, tz_aware=False, connect=True, serverselectiontimeoutms=5000, ssl=True, ssl_certfile='C:/data/mci/7b535024a03064addba4e92db51c8886/drivers-tools/.evergreen/x509gen/client.pem', ssl_ca_certs='C:/data/mci/7b535024a03064addba4e92db51c8886/drivers-tools/.evergreen/x509gen/ca.pem'): SSL handshake failed: localhost:27017: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:983), Timeout: 5.0s, Topology Description: <TopologyDescription id: 60dcd294fd7a6867a72c08fc, topology_type: Single, servers: [<ServerDescription ('localhost', 27017) server_type: Unknown, rtt: None, error=AutoReconnect('SSL handshake failed: localhost:27017: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:983)')>]>
       [2021/06/30 20:22:56.477] ----------------------------------------------------------------------
      

      On the server side we log a cipher mismatch:

      2021-06-30T21:22:44.917+0100 E NETWORK  [conn16] SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
      

      See the Python 3.10 release notes about the ssl module for likely causes.

            Assignee:
            shane.harvey@mongodb.com Shane Harvey
            Reporter:
            bernie@mongodb.com Bernie Hackett
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: