Status Submitted
Created by Guest
Created on Aug 30, 2024

Add support for tlsAllowInvalidCertificates

We use a MongoDB replica set with encryption in flight enabled (tls=true), but we don't require client certificates. For mongosh and the C# drivers there is a parameter, tlsAllowInvalidCertificates, which lets us NOT use any certificates, including the root CA certificate. But the Java driver does not support this parameter, which creates extra complexity in maintaining Java applications. Can we add support for this parameter to the Java drivers as well?
  • Guest
    Sep 1, 2024
    It depends on requirements. On the other hand, the lack of support for the tlsAllowInvalidCertificates parameter in the Java driver makes it inconsistent with other drivers and with mongosh. It should be a conscious choice to use this parameter, but that does not mean that this parameter should be completely ignored.
  • Guest
    Aug 31, 2024
    Note that tlsAllowInvalidCertificates effectively disables certificate validation on the client. Subsequently it would be seen as a security risk (due to MITM vulnerability) and a potential compliance issue. If tlsAllowInvalidCertificates is thought to be a solution to an operational problem in production, PKI may not be leveraged correctly.
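
An added example, not part of the thread and not MongoDB code: a small audit that flags connection strings which switch off the server-authentication checks discussed in the comment above. The function names and sample URIs are constructed for illustration; the option names are the standard MongoDB connection string options.

```python
from urllib.parse import parse_qsl

# Connection string options that weaken server authentication.
# Keys are lower-cased because URI option names are case-insensitive.
WEAKENING = {
    "tlsallowinvalidcertificates": "certificate chain is not validated",
    "tlsallowinvalidhostnames": "hostname is not checked against the certificate",
    "tlsinsecure": "certificate and hostname checks are relaxed",
}


def audit_uri(uri):
    """Return a list of findings for one MongoDB connection string."""
    scheme, sep, rest = uri.partition("://")
    if not sep or scheme not in ("mongodb", "mongodb+srv"):
        raise ValueError("not a MongoDB connection string")
    # Everything after the first '?' is the option list; reserved characters
    # in credentials must be percent-encoded, so this split is unambiguous.
    _, _, query = rest.partition("?")
    opts = {k.lower(): v.lower()
            for k, v in parse_qsl(query, keep_blank_values=True)}
    # mongodb+srv enables TLS by default; mongodb:// needs tls=true
    # (ssl= is the older alias for the same option).
    default_tls = "true" if scheme == "mongodb+srv" else "false"
    findings = []
    if opts.get("tls", opts.get("ssl", default_tls)) != "true":
        findings.append("tls off: traffic is neither encrypted nor authenticated")
    for name, why in WEAKENING.items():
        if opts.get(name) == "true":
            findings.append(f"{name}=true: {why}")
    return findings


def audit_all(uris):
    """Map each URI's position in the input to its findings, skipping clean ones."""
    results = {i: audit_uri(u) for i, u in enumerate(uris)}
    return {i: f for i, f in results.items() if f}


# Constructed sample connection strings (hosts are placeholders).
SAMPLES = [
    "mongodb://db1.example.internal:27017,db2.example.internal:27017/app"
    "?replicaSet=rs0&tls=true&tlsAllowInvalidCertificates=true",
    "mongodb://db1.example.internal:27017/app?tls=true&tlsCAFile=/etc/ssl/ca.pem",
    "mongodb+srv://cluster.example.internal/app?TLSInsecure=TRUE",
    "mongodb://db1.example.internal:27017/app",
]

if __name__ == "__main__":
    for index, findings in audit_all(SAMPLES).items():
        print(index, findings)
```

Findings are reported by list position rather than by URI so that credentials embedded in a connection string never reach the output.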