- Security >
- TLS/SSL (Transport Encryption)
TLS/SSL (Transport Encryption)¶
On this page
TLS/SSL¶
MongoDB supports TLS/SSL (Transport Layer Security/Secure Sockets Layer) to encrypt all of MongoDB’s network traffic. TLS/SSL ensures that MongoDB network traffic is only readable by the intended client.
TLS Versions¶
MongoDB disables support for TLS 1.0 encryption on systems where TLS 1.1+ is available. For more details, see Disable TLS 1.0.
TLS Libraries¶
Starting in version 4.0, MongoDB uses the native TLS/SSL OS libraries:
Windows | Secure Channel (Schannel) |
Linux/BSD | OpenSSL |
macOS | Secure Transport |
TLS/SSL Ciphers¶
MongoDB’s TLS/SSL encryption only allows use of strong TLS/SSL ciphers with a minimum of 128-bit key length for all connections.
Forward Secrecy¶
Forward Secrecy cipher suites create an ephemeral session key that is protected by the server’s private key but is never transmitted. The use of an ephemeral key ensures that even if a server’s private key is compromised, you cannot decrypt past sessions with the compromised key.
MongoDB supports Forward Secrecy cipher suites that use Ephemeral Diffie-Hellman (DHE) and Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) algorithms.
Ephemeral Elliptic Curve Diffie-Hellman (ECDHE)¶
Linux | Starting in version 4.2
Starting in 3.6.14 and 4.0.3
Note If support for ECDHE is enabled, MongoDB 4.2+ attempts to enable support for Ephemeral Diffie-Hellman (DHE) if Ephemeral Diffie-Hellman (DHE) is not explicitly enabled. See Ephemeral Diffie-Hellman (DHE) for details. |
Windows | Starting in version 4.0, Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) is implicitly supported through the use of Secure Channel (Schannel), the native Windows TLS/SSL library. |
macOS | Starting in version 4.0, Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) is implicitly supported through the use of Secure Transport, the native macOS TLS/SSL library. |
ECDHE cipher suites are slower than static RSA cipher suites. For
better performance with ECDHE, you can use certificates that use
Elliptic Curve Digital Signature Algorithm (ECDSA
). See also
Forward Secrecy Performance for more information
Ephemeral Diffie-Hellman (DHE)¶
Linux | Starting in version 4.2: MongoDB enables support for Ephemeral Diffie-Hellman (DHE):
For versions 3.6 and 4.0, MongoDB enables support for Ephemeral Diffie-Hellman (DHE):
|
Windows | Starting in version 4.0, Ephemeral Diffie-Hellman (DHE) is implicitly supported through the use of Secure Channel (Schannel), the native Windows TLS/SSL library. |
macOS | Starting in version 4.0, Ephemeral Diffie-Hellman (DHE) is implicitly supported through the use of Secure Transport, the native macOS TLS/SSL library. |
Note
If clients negotiate a cipher suite with DHE but cannot accept the server selected parameter, the TLS connection fails.
Strong parameters (i.e. size is greater than 1024) are not supported with Java 6 and 7 unless extended support has been purchased from Oracle. However, Java 7 supports and prefers ECDHE, so will negotiate ECDHE if available.
DHE (and ECDHE) cipher suites are slower performance than static RSA cipher suites, with DHE being significantly slower than ECDHE. See Forward Secrecy Performance for more information.
Forward Secrecy Performance¶
DHE and ECDHE cipher suites are slower than static RSA cipher suites, with DHE being significantly slower than ECDHE.
For better performance with ECDHE, you can use certificates that
use Elliptic Curve Digital Signature Algorithm (ECDSA
).
Alternatively, you can disable ECDHE cipher suites with the
opensslCipherConfig
parameter as in the following example
(which also disables DHE)
If you need to disable support for DHE cipher suites due to
performance, you can use the opensslCipherConfig
parameter, as in the following example:
Certificates¶
To use TLS/SSL with MongoDB , you must have the TLS/SSL certificates as
PEM
files, which are concatenated certificate containers.
MongoDB can use any valid TLS/SSL certificate issued by a certificate authority or a self-signed certificate. For production use, your MongoDB deployment should use valid certificates generated and signed by the same certificate authority. You can generate and maintain an independent certificate authority, or use certificates generated by a third-party TLS/SSL vendor.
Using a certificate signed by a trusted certificate authority allows MongoDB drivers to verify the server’s identity.
For example, see TLS/SSL Configuration for Clients.
Identity Verification¶
In addition to encrypting connections, TLS/SSL allows for authentication using certificates, both for client authentication and for internal authentication of members of replica sets and sharded clusters.
For more information, see:
FIPS Mode¶
Enterprise Feature
Available in MongoDB Enterprise only.
The Federal Information Processing Standard (FIPS) is a U.S. government computer security standard used to certify software modules and libraries that encrypt and decrypt data securely. You can configure MongoDB to run with a FIPS 140-2 certified library for OpenSSL. Configure FIPS to run by default or as needed from the command line.
For an example, see Configure MongoDB for FIPS.