Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-31701

Shell cannot connect with --ssl to a mongod with TLS1_0 disabled

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • Affects Version/s: 3.4.9
    • Component/s: Shell
    • None
    • Server Security
    • Fully Compatible

      Shell cannot connect to mongod with TLS1_0 disabled

      The mongod log file

      tail mongod.log
      2017-10-24T14:13:27.180-0400 I CONTROL  [initandlisten]
      2017-10-24T14:13:27.180-0400 I CONTROL  [initandlisten] ** WARNING: No SSL certificate validation can be performed since no CA file has been provided
      2017-10-24T14:13:27.180-0400 I CONTROL  [initandlisten] **          Please specify an sslCAFile parameter.
      2017-10-24T14:13:27.180-0400 I CONTROL  [initandlisten]
      2017-10-24T14:13:27.182-0400 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/data/diagnostic.data'
      2017-10-24T14:13:27.182-0400 I NETWORK  [thread1] waiting for connections on port 27017 ssl
      2017-10-24T14:13:28.011-0400 I FTDC     [ftdc] Unclean full-time diagnostic data capture shutdown detected, found interim file, some metrics may have been lost. OK
      2017-10-24T14:13:29.984-0400 I NETWORK  [thread1] connection accepted from 127.0.0.1:53537 #1 (1 connection now open)
      2017-10-24T14:13:29.984-0400 E NETWORK  [conn1] SSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
      2017-10-24T14:13:29.984-0400 I -        [conn1] end connection 127.0.0.1:53537 (1 connection now open)
      

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            vick.mena Vick Mena (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: