Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Duplicate
Priority: Minor - P4
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Current status:

Since MongoDB 4.2, the SSL/TLS options were migrated from -~~ssl~~ to -tls on mongo, mongod, and mongoS :

############## 4.2 ##############mongo --version
MongoDB shell version v4.2.23
git version: f4e6602d3a4c5b22e9d8bcf0722d0afd0ec01ea2
OpenSSL version: OpenSSL 1.1.1f  31 Mar 2020

mongo --help | egrep -i 'ssl|tls'
TLS Options:
  --tls                                use TLS for all connections
  --tlsCertificateKeyFile arg          PEM certificate/key file for TLS
  --tlsCertificateKeyFilePassword arg  Password for key in PEM file for TLS
  --tlsCAFile arg                      Certificate Authority file for TLS
  --tlsCRLFile arg                     Certificate Revocation List file for TLS
  --tlsAllowInvalidHostnames           Allow connections to servers with 
  --tlsAllowInvalidCertificates        Allow connections to servers with 
  --tlsFIPSMode                        Activate FIPS 140-2 mode at startup
  --tlsDisabledProtocols arg           Comma separated list of TLS protocols to
                                       disable [TLS1_0,TLS1_1,TLS1_2]

############## 4.0 ##############mongo --version
MongoDB shell version v4.0.28
git version: af1a9dc12adcfa83cc19571cb3faba26eeddac92
OpenSSL version: OpenSSL 1.1.1f  31 Mar 2020

mongo --help | egrep -i 'ssl|tls'
  --ssl                               use SSL for all connections
  --sslCAFile arg                     Certificate Authority file for SSL
  --sslPEMKeyFile arg                 PEM certificate/key file for SSL
  --sslPEMKeyPassword arg             password for key in PEM file for SSL
  --sslCRLFile arg                    Certificate Revocation List file for SSL
  --sslAllowInvalidHostnames          allow connections to servers with 
  --sslAllowInvalidCertificates       allow connections to servers with invalid
  --sslFIPSMode                       activate FIPS 140-2 mode at startup
  --sslDisabledProtocols arg          Comma separated list of TLS protocols to 
                                      disable [TLS1_0,TLS1_1,TLS1_2]

However, when we check the MongoDB tools, we can see it still using the legacy options:

mongodump --version
mongodump version: 100.6.1
git version: 6d9d341edd33b892a2ded7bae529b0e2a96aae01
Go version: go1.17.10

mongodump --help | egrep -i 'ssl|tls'
ssl options:
      --ssl                                                 connect to a mongod or mongos that has ssl enabled
      --sslCAFile=<filename>                                the .pem file containing the root certificate chain from the certificate authority
      --sslPEMKeyFile=<filename>                            the .pem file containing the certificate and key
      --sslPEMKeyPassword=<password>                        the password to decrypt the sslPEMKeyFile, if necessary
      --sslCRLFile=<filename>                               the .pem file containing the certificate revocation list
      --sslFIPSMode                                         use FIPS mode of the installed openssl library
      --tlsInsecure                                         bypass the validation for server's certificate chain and host name

Proposed Fix:

Update the SSL/TLS options on MongoDB Tools to use the current standard since 4.2.

The current scenario can lead to errors since the options for mongo,mongod, and mongoS are not accepted by MongoDB Tools.

duplicates

TOOLS-2375 Add TLS command line options and deprecate SSL command line options.

Accepted

Assignee:: Unassigned

Reporter:: Jean da Silva

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: Nov 29 2022 07:58:12 PM UTC

Updated:: Dec 06 2022 02:20:41 AM UTC

Resolved:: Dec 01 2022 07:27:42 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates