From c799da8433f3b68f2f1e1597ee810248d949deef Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Tue, 3 Dec 2024 16:17:55 -0500 Subject: [PATCH 1/7] DOCSP-38014 SSL Error Workaround --- source/fundamentals/connection/tls.txt | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/source/fundamentals/connection/tls.txt b/source/fundamentals/connection/tls.txt index 47c23743..5ecd66e3 100644 --- a/source/fundamentals/connection/tls.txt +++ b/source/fundamentals/connection/tls.txt @@ -77,6 +77,26 @@ in the following ways: see the :manual:`SRV Connection Format ` section in the Server manual. +.. note:: Workaround when Using OpenSSL Version 3.0 and Later + + The {+driver-short+} depends on OpenSSL by default and can encounter "unsafe + legacy renegotiation disabled" errors when using OpenSSL versions 3.0 and later, + due to outdated SSL proxies. If you encounter this error, you can set the + ``SSL_OP_LEGACY_SERVER_CONNECT`` option to resolve, as shown in the following + example: + + .. code-block:: js + :emphasize-lines: 6 + + import { MongoClient } from 'mongodb'; + import { * as crypto } from 'crypto'; + + const client = new MongoClient("mongodb+srv://...", { + secureContext: { + secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT + } + }); + In addition to the ``tls`` client option, the driver provides more options to configure TLS on your connection. For **testing purposes**, you can set the ``tlsAllowInvalidHostnames``, From 729fb006503d70bc3e4c4b0def3671686b69c854 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Tue, 3 Dec 2024 16:19:35 -0500 Subject: [PATCH 2/7] change name --- source/fundamentals/connection/tls.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/fundamentals/connection/tls.txt b/source/fundamentals/connection/tls.txt index 5ecd66e3..adb45b2d 100644 --- a/source/fundamentals/connection/tls.txt +++ b/source/fundamentals/connection/tls.txt 
@@ -77,7 +77,7 @@ in the following ways: see the :manual:`SRV Connection Format ` section in the Server manual. -.. note:: Workaround when Using OpenSSL Version 3.0 and Later +.. note:: Workaround for the "unsafe legacy renegotiation disabled" error The {+driver-short+} depends on OpenSSL by default and can encounter "unsafe legacy renegotiation disabled" errors when using OpenSSL versions 3.0 and later, From 6c802b87a0d36bbfc6d081241ce1ab510a581886 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Wed, 4 Dec 2024 16:51:16 -0500 Subject: [PATCH 3/7] copy fix --- source/fundamentals/connection/tls.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source/fundamentals/connection/tls.txt b/source/fundamentals/connection/tls.txt index adb45b2d..9a8ef9e6 100644 --- a/source/fundamentals/connection/tls.txt +++ b/source/fundamentals/connection/tls.txt @@ -77,13 +77,13 @@ in the following ways: see the :manual:`SRV Connection Format ` section in the Server manual. -.. note:: Workaround for the "unsafe legacy renegotiation disabled" error +.. note:: Workaround for an "unsafe legacy renegotiation disabled" error - The {+driver-short+} depends on OpenSSL by default and can encounter "unsafe - legacy renegotiation disabled" errors when using OpenSSL versions 3.0 and later, - due to outdated SSL proxies. If you encounter this error, you can set the - ``SSL_OP_LEGACY_SERVER_CONNECT`` option to resolve, as shown in the following - example: + The {+driver-short+} depends on OpenSSL by default. You may encounter an "unsafe + legacy renegotiation disabled" error in certain environments when using OpenSSL + versions 3.0 and later, due to outdated SSL proxies. If you encounter this error, + you can set the ``SSL_OP_LEGACY_SERVER_CONNECT`` option to resolve, as shown in + the following example: .. code-block:: js :emphasize-lines: 6 From 6a8a4eac7b3280bcf8d3362039e3dc1cee5dd38f Mon Sep 17 00:00:00 2001 
From: Lindsey Moore Date: Thu, 5 Dec 2024 14:00:35 -0500 Subject: [PATCH 4/7] tech reviewer comments --- source/fundamentals/connection/tls.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source/fundamentals/connection/tls.txt b/source/fundamentals/connection/tls.txt index 9a8ef9e6..ba403ec3 100644 --- a/source/fundamentals/connection/tls.txt +++ b/source/fundamentals/connection/tls.txt @@ -89,12 +89,12 @@ in the following ways: :emphasize-lines: 6 import { MongoClient } from 'mongodb'; - import { * as crypto } from 'crypto'; + import crypto from 'crypto'; const client = new MongoClient("mongodb+srv://...", { - secureContext: { - secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT - } + secureContext: { + secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT + } }); In addition to the ``tls`` client option, the driver provides more From 57010e1b1e38225505020aec4b91aed4919ddd3b Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Thu, 5 Dec 2024 18:04:55 -0500 Subject: [PATCH 5/7] Mikes comments" " " "" " " --- source/fundamentals/connection/tls.txt | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/source/fundamentals/connection/tls.txt b/source/fundamentals/connection/tls.txt index ba403ec3..58e2837e 100644 --- a/source/fundamentals/connection/tls.txt +++ b/source/fundamentals/connection/tls.txt 
@@ -77,13 +77,12 @@ in the following ways: see the :manual:`SRV Connection Format ` section in the Server manual. -.. note:: Workaround for an "unsafe legacy renegotiation disabled" error +.. note:: Workaround for an "unsafe legacy renegotiation disabled" Error - The {+driver-short+} depends on OpenSSL by default. You may encounter an "unsafe - legacy renegotiation disabled" error in certain environments when using OpenSSL - versions 3.0 and later, due to outdated SSL proxies. If you encounter this error, - you can set the ``SSL_OP_LEGACY_SERVER_CONNECT`` option to resolve, as shown in - the following example: + The {+driver-short+} depends on OpenSSL by default. Outdated SSL proxies can + cause an "unsafe legacy renegotiation disabled" error in environments using + OpenSSL 3.0 or later. You can resolve this error by setting the + ``SSL_OP_LEGACY_SERVER_CONNECT`` option, as shown in the following example: .. code-block:: js :emphasize-lines: 6 From 1edbb52eb26651dce0b34aadc1be5cc76ff0cce2 Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Thu, 5 Dec 2024 18:14:36 -0500 Subject: [PATCH 6/7] monospace --- source/fundamentals/connection/tls.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/fundamentals/connection/tls.txt b/source/fundamentals/connection/tls.txt index 58e2837e..b915bdb5 100644 --- a/source/fundamentals/connection/tls.txt +++ b/source/fundamentals/connection/tls.txt 
@@ -77,10 +77,10 @@ in the following ways: see the :manual:`SRV Connection Format ` section in the Server manual. -.. note:: Workaround for an "unsafe legacy renegotiation disabled" Error +.. note:: Workaround for an ``unsafe legacy renegotiation disabled`` Error The {+driver-short+} depends on OpenSSL by default. Outdated SSL proxies can - cause an "unsafe legacy renegotiation disabled" error in environments using + cause an ``unsafe legacy renegotiation disabled`` error in environments using OpenSSL 3.0 or later. You can resolve this error by setting the ``SSL_OP_LEGACY_SERVER_CONNECT`` option, as shown in the following example: From 002abafa0586995cdc767ac2db01dd39df4829fd Mon Sep 17 00:00:00 2001 From: Lindsey Moore Date: Thu, 5 Dec 2024 18:17:32 -0500 Subject: [PATCH 7/7] fix font --- source/fundamentals/connection/tls.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/fundamentals/connection/tls.txt b/source/fundamentals/connection/tls.txt index b915bdb5..63514089 100644 --- a/source/fundamentals/connection/tls.txt +++ b/source/fundamentals/connection/tls.txt @@ -77,7 +77,7 @@ in the following ways: see the :manual:`SRV Connection Format ` section in the Server manual. -.. note:: Workaround for an ``unsafe legacy renegotiation disabled`` Error +.. note:: Workaround for an "unsafe legacy renegotiation disabled" Error The {+driver-short+} depends on OpenSSL by default. Outdated SSL proxies can cause an ``unsafe legacy renegotiation disabled`` error in environments using
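Review bot: In [PATCH 1/7], the example line `import { * as crypto } from 'crypto';` is not valid ES module syntax, so the page as of this commit ships a snippet that fails to parse before any TLS option is evaluated. A namespace import is written `import * as crypto from 'crypto';`, and [PATCH 4/7] later switches to `import crypto from 'crypto';`. Squash that correction into this commit so that no revision in the series publishes a broken example.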
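Review bot: In [PATCH 4/7], the reindented `secureContext: { secureOptions: ... }` block still passes a plain object literal as `secureContext`, and the hunk gives no indication that the example was run. Node.js documents the `secureContext` option of `tls.connect()` as a context object created with `tls.createSecureContext()`. Please confirm against a current driver release that the literal form is accepted and that the option actually reaches OpenSSL. If it does not, build the context with `tls.createSecureContext({ secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT })` and add the `tls` import. Also recheck `:emphasize-lines: 6` after any change to the import lines.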
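Review bot: In [PATCH 5/7], the sentence "You can resolve this error by setting the ``SSL_OP_LEGACY_SERVER_CONNECT`` option" presents the flag as a fix without saying what it relaxes. OpenSSL 3.0 stopped enabling this option by default. Setting it lets the client complete a handshake with a peer that does not support RFC 5746 secure renegotiation, so the note is asking readers to turn a protection back off. Suggest adding one sentence stating that this is a compatibility workaround that lowers the security of the connection, that the preferred remedy is to update or replace the outdated proxy, and that the option should be set only on clients that must connect through that proxy and removed once it is upgraded. The same wording also belongs in the earlier revisions of this paragraph in [PATCH 1/7] and [PATCH 3/7] if the series is not squashed.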