SSLHandshakeFailed - The server is configured to only allow SSL connections

I have a setup of 3 config servers, 4 shard servers and 10 mongos servers. Mongo version = 4.4.17-1.el7.
Recently, I implemented Entrust TLS certificates on the MongoDB cluster. The following is the information about it.

  • Client apps are not using any TLS flag or certificates; they are connecting to mongos using a non-TLS connection.
  • Mongos servers are using generic Entrust certs and are in preferTLS mode.
  • Shards and config servers are in preferTLS mode.
  • The final goal is to keep mongos on prefer and mongod on require mode.

Now I am trying to change the TLS mode from prefer to requireTLS on the shards and config servers, but I am receiving the errors below in the mongod logs after changing the flag and restarting the mongod service. These errors are continuous and come with the IP addresses of the cluster's own nodes.

{"t":{"$date":"2024-03-18T02:58:28.506+00:00"},"s":"I",  "c":"NETWORK",  "id":22988,   "ctx":"conn2257","msg":"Error receiving request from client. Ending connection from remote","attr":{"error":{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"The server is configured to only allow SSL connections"},"remote":"100.200.64.183:60388","connectionId":2257}}
{"t":{"$date":"2024-03-18T02:58:28.506+00:00"},"s":"I",  "c":"NETWORK",  "id":22944,   "ctx":"conn2257","msg":"Connection ended","attr":{"remote":"100.200.64.183:60388","connectionId":2257,"connectionCount":120}}
{"t":{"$date":"2024-03-18T02:58:28.521+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"100.200.64.64:37304","connectionId":2258,"connectionCount":121}}
{"t":{"$date":"2024-03-18T02:58:28.521+00:00"},"s":"I",  "c":"NETWORK",  "id":22988,   "ctx":"conn2258","msg":"Error receiving request from client. Ending connection from remote","attr":{"error":{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"The server is configured to only allow SSL connections"},"remote":"100.200.64.64:37304","connectionId":2258}}

mongod.conf file:

net:
  port: 27018
  bindIp: 0.0.0.0
  tls:
    mode: preferTLS
    certificateKeyFile: /etc/pki/tls/certs/mongod.cert.pem
    CAFile: /etc/pki/tls/certs/mongod.ca.pem

#Authentication for cluster nodes
security:
   keyFile: /var/lib/mongo/.mongodbkey
   authorization: enabled
   javascriptEnabled: false

This issue is resolved. The cause was the telegraf service. We had the telegraf service running on the shards and config servers, and it was continuously connecting to Mongo over non-TLS, causing these error lines in mongod.log.
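Added example (not part of the original thread or of MongoDB's tooling): a small Python script that tallies the `SSLHandshakeFailed` (code 141) rejections in a structured mongod log by remote host, which is how a leftover non-TLS client such as the telegraf agent above can be located. The function name `plaintext_clients` is hypothetical, and the embedded sample lines are copied from the log excerpt in the post.

```python
import json
import sys
from collections import Counter

# Error code logged with codeName "SSLHandshakeFailed" in the excerpt above.
HANDSHAKE_FAILED_CODE = 141

# Sample input: three lines copied from the log excerpt in the post.
SAMPLE_LOG = r'''
{"t":{"$date":"2024-03-18T02:58:28.506+00:00"},"s":"I",  "c":"NETWORK",  "id":22988,   "ctx":"conn2257","msg":"Error receiving request from client. Ending connection from remote","attr":{"error":{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"The server is configured to only allow SSL connections"},"remote":"100.200.64.183:60388","connectionId":2257}}
{"t":{"$date":"2024-03-18T02:58:28.521+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"100.200.64.64:37304","connectionId":2258,"connectionCount":121}}
{"t":{"$date":"2024-03-18T02:58:28.521+00:00"},"s":"I",  "c":"NETWORK",  "id":22988,   "ctx":"conn2258","msg":"Error receiving request from client. Ending connection from remote","attr":{"error":{"code":141,"codeName":"SSLHandshakeFailed","errmsg":"The server is configured to only allow SSL connections"},"remote":"100.200.64.64:37304","connectionId":2258}}
'''


def plaintext_clients(lines):
    """Count SSLHandshakeFailed rejections per remote host (source port stripped)."""
    counts = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not structured JSON log entries
        if not isinstance(entry, dict) or entry.get("c") != "NETWORK":
            continue
        attr = entry.get("attr")
        error = attr.get("error") if isinstance(attr, dict) else None
        # In some log entries attr.error is a plain string, not an object.
        if not isinstance(error, dict) or error.get("code") != HANDSHAKE_FAILED_CODE:
            continue
        # "host:port" -> host; rpartition also copes with "[::1]:27018".
        host, _, _port = str(attr.get("remote", "")).rpartition(":")
        counts[host or "unknown"] += 1
    return counts


if __name__ == "__main__":
    # With a path argument, read that mongod log; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            result = plaintext_clients(fh)
    else:
        result = plaintext_clients(SAMPLE_LOG.splitlines())
    for host, n in result.most_common():
        print(f"{n:6d}  {host}")
```

Run it with the path to mongod.log as the argument to list the hosts whose connections were rejected; each address is a machine where some process is still connecting without TLS.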
