MongoDB community disabled TLS Java client error

Alejandro_Nino · June 28, 2023, 10:04pm

Hi there,

My coworkers and I have configured a replica-set on Docker using MongoDB 6.0. We are facing an error when we connect a microservice using java client. Our config files for each member have tls.mode=disabled and microservice connection-string have tls=false, however primary server logs show this:

{"t":{"$date":"2023-06-28T11:46:29.202+00:00"},"s":"I",  "c":"NETWORK",  "id":22988,   "ctx":"conn41","msg":"Error receiving request from client. Ending connection from remote","attr":{"error":{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"SSL handshake received but server is started without SSL support"},"remote":"10.84.0.25:33564","connectionId":41}}

We asume, we should configure tls on server (it looks like it is mandatory) but, why is mongo driver trying to open a connection using tls if connection string sets option to false? this is the connection-string: mongodb+srv://customers:customers@mongo.ns.company.com/customers?tls=false

The driver information we can see in microservice logs:

{"driver": {"name": "mongo-java-driver|sync|spring-boot", "version": "4.8.2"}, "os": {"type": "Linux", "name": "Linux", "architecture": "amd64", "version": "5.10.162+"}, "platform": "Java/BellSoft/17.0.7+7-LTS"}

Thanks for your time!

Kobe_W · June 29, 2023, 4:31am

What did you see when the java code tries to connect to the server using that connection string? Can the code successfully connect?

i see the server log says severity info, not an error.

Alejandro_Nino · June 29, 2023, 9:10am

Hi @Kobe_W, thanks

Our microservice does not run, we see this in the log:

Unsatisfied dependency expressed through method 'createCustomerUseCase' parameter 0: Error creating 
bean with name 'customerRepository' defined in com.company.pocmongodb.infrastructure.CustomerRepository defined in @EnableMongoRepositories declared on MongoRepositoriesRegistrar.EnableMongoRepositoriesConfiguration: Cannot resolve refere
nce to bean 'mongoTemplate' while setting bean property 'mongoOperations'                                                                                                                                                                     
    at com.mongodb.ConnectionString.<init>(ConnectionString.java:410)                                                                                                                                                                         
    at org.springframework.boot.autoconfigure.mongo.MongoPropertiesClientSettingsBuilderCustomizer.applyHostAndPort(MongoPropertiesClientSettingsBuilderCustomizer.java:62)                                                                   
    at org.springframework.boot.autoconfigure.mongo.MongoPropertiesClientSettingsBuilderCustomizer.customize(MongoPropertiesClientSettingsBuilderCustomizer.java:51)                                                                          
    at org.springframework.boot.autoconfigure.mongo.MongoClientFactorySupport.customize(MongoClientFactorySupport.java:55)                                                                                                                    
    at org.springframework.boot.autoconfigure.mongo.MongoClientFactorySupport.createMongoClient(MongoClientFactorySupport.java:49)                                                                                                            
    at org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration.mongo(MongoAutoConfiguration.java:52)                                                                                                                              
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)                                                                                                                                                         
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)                                                                                                                                                         
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)                                                                                                                                                     
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:139) [1 skipped]                                                                                                    
    at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:655)                                                                                                                                
    ... 94 common frames omitted

If we remove tls option from connection-string, microservice deploys but it fails to connect to the database

2023-06-29 09:18:06,600 [.com:30002] DEBUG [o.m.d.cluster] Updating cluster description to  {type=REPLICA_SET, servers=[{address=mongo_3.ns.company.com:30003, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.Mon
goSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake}, caused by {java.io.EOFException: SSL peer shut down incorrectly}}, {address=mongo_2.ns
.company.com:30002, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake}, caused by {ja
va.io.EOFException: SSL peer shut down incorrectly}}, {address=mongo_1.ns.company.com:30001, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {jav
ax.net.ssl.SSLHandshakeException: Remote host terminated the handshake}, caused by {java.io.EOFException: SSL peer shut down incorrectly}}]                                                                                                   
2023-06-29 09:18:06,601 [.com:30001] DEBUG [o.m.d.connection] Closing connection connectionId{localValue:21}                                                                                                                                  
2023-06-29 09:18:06,601 [.com:30001] DEBUG [o.m.d.cluster] Updating cluster description to  {type=REPLICA_SET, servers=[{address=mongo_3.ns.company.com:30003, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.Mon
goSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake}, caused by {java.io.EOFException: SSL peer shut down incorrectly}}, {address=mongo_2.ns
.company.com:30002, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake}, caused by {ja
va.io.EOFException: SSL peer shut down incorrectly}}, {address=mongo_1.ns.company.com:30001, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {jav
ax.net.ssl.SSLHandshakeException: Remote host terminated the handshake}, caused by {java.io.EOFException: SSL peer shut down incorrectly}}]                                                                                                   
2023-06-29 09:18:06,602 [.com:30002] DEBUG [o.m.d.connection] Closing connection connectionId{localValue:20}                                                                                                                                  
2023-06-29 09:18:06,602 [.com:30003] DEBUG [o.m.d.connection] Closing connection connectionId{localValue:24}

I’ve been re-reading this part of the Mongo documentation DNS seed list Note and checking the ConnectionString.java at 410 line. And, it looks like in order to works we have to add ssl AND tls option.

Kobe_W · June 29, 2023, 6:36pm

tls needs to be disabled in connection string as server doesn’t have the support. So you will have to fix this exception.

Alejandro_Nino · July 9, 2023, 8:50pm

At the end, this is the solution. We had to disable tls and ssl explicitly in the connection string. We misunderstood this part of the mongo documentation:

Use of the +srv connection string modifier automatically sets the tls (or the equivalent ssl) option to true for the connection. You can override this behavior by explicitly setting the tls) (or the equivalent ssl) option to false with tls=false (or ssl=false ) in the query string.

This is connection string we are using now:

mongodb+srv://customers:customers@mongo.ns.company.com/customers?tls=false&ssl=false&readPreference=secondary

system · July 14, 2023, 8:50pm

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.