DOCSP-38014 SSL Error Workaround

mongodb · Dec 3, 2024 · c799da8 · c799da8
1 parent 1a352c0
commit c799da8
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/source/fundamentals/connection/tls.txt b/source/fundamentals/connection/tls.txt
@@ -77,6 +77,26 @@ in the following ways:
    see the :manual:`SRV Connection Format </reference/connection-string/#srv-connection-format>`
    section in the Server manual.
 
+.. note:: Workaround when Using OpenSSL Version 3.0 and Later
+
+   The {+driver-short+} depends on OpenSSL by default and can encounter "unsafe
+   legacy renegotiation disabled" errors when using OpenSSL versions 3.0 and later,
+   due to outdated SSL proxies. If you encounter this error, you can set the 
+   ``SSL_OP_LEGACY_SERVER_CONNECT`` option to resolve, as shown in the following 
+   example: 
+
+   .. code-block:: js
+      :emphasize-lines: 6
+
+      import { MongoClient } from 'mongodb';
+      import { * as crypto } from 'crypto';
+
+      const client = new MongoClient("mongodb+srv://...", {
+      secureContext: {
+         secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT
+      }
+      });
+
 In addition to the ``tls`` client option, the driver provides more
 options to configure TLS on your connection. For **testing purposes**,
 you can set the ``tlsAllowInvalidHostnames``,