
DOCSP-38014 SSL Error Workaround #942

Merged
merged 7 commits into from
Dec 6, 2024
Changes from 4 commits
20 changes: 20 additions & 0 deletions source/fundamentals/connection/tls.txt
Expand Up @@ -77,6 +77,26 @@ in the following ways:
see the :manual:`SRV Connection Format </reference/connection-string/#srv-connection-format>`
section in the Server manual.

.. note:: Workaround for an "unsafe legacy renegotiation disabled" error
Collaborator


Q: Is 'unsafe legacy renegotiation disabled' the exact text in the error? Is it capitalized there?

Collaborator Author

@lindseymoore lindseymoore Dec 5, 2024


Yes, this is how the error is written in the ticket (uncapitalized) and online in forums. Added monospace in the text if that makes it clearer that this is the verbatim error. Let me know what you think!


The {+driver-short+} depends on OpenSSL by default. You may encounter an "unsafe
legacy renegotiation disabled" error in certain environments when using OpenSSL
versions 3.0 and later, due to outdated SSL proxies. If you encounter this error,
you can set the ``SSL_OP_LEGACY_SERVER_CONNECT`` option to resolve, as shown in
the following example:

.. code-block:: js
:emphasize-lines: 6

import { MongoClient } from 'mongodb';
import crypto from 'crypto';

const client = new MongoClient("mongodb+srv://...", {
secureContext: {
secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT
}
});

In addition to the ``tls`` client option, the driver provides more
options to configure TLS on your connection. For **testing purposes**,
you can set the ``tlsAllowInvalidHostnames``,
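
Review bot: The added note (from `.. note:: Workaround for an "unsafe legacy renegotiation disabled" error` through the code block) presents ``SSL_OP_LEGACY_SERVER_CONNECT`` as the fix without saying what it trades away. OpenSSL 3.0 turned this option off by default because it permits connections to peers that do not support RFC 5746 secure renegotiation, so setting it in `secureOptions` relaxes that check for connections made by this client, not only the ones that pass through the outdated proxy. Suggest adding a sentence that states this, names updating the proxy as the preferred remedy, and recommends the option only as a temporary measure. Two wording points in the same paragraph: "option to resolve, as shown in" has no object ("to resolve the error" reads better), and the error string would be clearer in monospace so readers can tell it is the verbatim message, as raised in the review thread.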