Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DOCSP-38014 SSL Error Workaround #942

Merged
merged 7 commits into from
Dec 6, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions source/fundamentals/connection/tls.txt
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,25 @@ in the following ways:
see the :manual:`SRV Connection Format </reference/connection-string/#srv-connection-format>`
section in the Server manual.

.. note:: Workaround for an "unsafe legacy renegotiation disabled" Error

The {+driver-short+} depends on OpenSSL by default. Outdated SSL proxies can
cause an ``unsafe legacy renegotiation disabled`` error in environments using
OpenSSL 3.0 or later. You can resolve this error by setting the
``SSL_OP_LEGACY_SERVER_CONNECT`` option, as shown in the following example:

.. code-block:: js
:emphasize-lines: 6

import { MongoClient } from 'mongodb';
import crypto from 'crypto';

const client = new MongoClient("mongodb+srv://...", {
secureContext: {
secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT
}
});

In addition to the ``tls`` client option, the driver provides more
options to configure TLS on your connection. For **testing purposes**,
you can set the ``tlsAllowInvalidHostnames``,
Expand Down
Loading