DOCSP-38014 SSL Error Workaround (#942)

* DOCSP-38014 SSL Error Workaround * change name * copy fix * tech reviewer comments * Mikes comments" " " "" " " * monospace * fix font
mongodb · Dec 6, 2024 · ca66d3e · ca66d3e
1 parent 1a352c0
commit ca66d3e
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/source/fundamentals/connection/tls.txt b/source/fundamentals/connection/tls.txt
@@ -77,6 +77,25 @@ in the following ways:
    see the :manual:`SRV Connection Format </reference/connection-string/#srv-connection-format>`
    section in the Server manual.
 
+.. note:: Workaround for an "unsafe legacy renegotiation disabled" Error
+
+   The {+driver-short+} depends on OpenSSL by default. Outdated SSL proxies can 
+   cause an ``unsafe legacy renegotiation disabled`` error in environments using 
+   OpenSSL 3.0 or later. You can resolve this error by setting the 
+   ``SSL_OP_LEGACY_SERVER_CONNECT`` option, as shown in the following example: 
+
+   .. code-block:: js
+      :emphasize-lines: 6
+
+      import { MongoClient } from 'mongodb';
+      import crypto from 'crypto';
+
+      const client = new MongoClient("mongodb+srv://...", {
+         secureContext: {
+            secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT
+         }
+      });
+
 In addition to the ``tls`` client option, the driver provides more
 options to configure TLS on your connection. For **testing purposes**,
 you can set the ``tlsAllowInvalidHostnames``,