Add support for tlsAllowInvalidCertificates
We use a MongoDB replica set with encryption in flight enabled (tls=true), but we don't require client certificates. For mongosh and the C# drivers there is a parameter, tlsAllowInvalidCertificates, which lets us NOT use any certificates, including the root CA certificate.
But the Java driver does not support this parameter, which creates extra complexity in maintaining Java applications.
Can we add support for this parameter to the Java drivers as well?
-
Sergey commented
It depends on requirements.
On the other hand, a lack of support for the tlsAllowInvalidCertificates parameter in the Java driver makes it inconsistent with other drivers and with mongosh. It should be a conscious choice to use this parameter, but it does not mean that this parameter should be completely ignored.
-
Dmitry commented
Note that tlsAllowInvalidCertificates effectively disables certificate validation on the client. Subsequently it would be seen as a security risk (due to MITM vulnerability) and a potential compliance issue.
If tlsAllowInvalidCertificates is thought to be a solution to an operational problem in production, PKI may not be leveraged correctly.