Configuring TLS/SSL Encryption
- Last Updated: January 17, 2025
- DataDirect Connectors
- JDBC
- MongoDB 6.1
- Documentation
The driver supports TLS/SSL encryption for all supported MongoDB databases.
Note: Connection hangs can occur when the driver is configured for SSL and the database
server does not support SSL. You may want to set a login timeout using the LoginTimeout
property to avoid problems when connecting to a server that does not support SSL.
To configure SSL encryption:
Important: The driver complies with FIPS when FIPS mode is enabled with the
client JVM. See "FIPS (Federal Information Processing Standard)" for more
information.
- Set the ServerName property to the name or the IP address of the MongoDB server to which you want to connect. For example, myserver.
- Set the PortNumber property to specify the port number of the server listener. The default is 27017.
- Set the EncryptionMethod property to SSL.
- (Optional) Set the CryptoProtocolVersion property to specify acceptable cryptographic protocol versions (for example, TLSv1.3) supported by your server.
- (Optional) Specify the location and password of the truststore file used for SSL server authentication. Either set the TrustStore and TrustStorePassword properties or their corresponding Java system properties (javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword, respectively).
- (Optional) To validate certificates sent by the database server, set the ValidateServerCertificate property to true.
- (Optional) Set the HostNameInCertificate property to a host name to be used to validate the certificate. The HostNameInCertificate property provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver is connecting to is the server that was requested.
- (Optional) If your database server is configured for SSL client authentication, configure your keystore information:
  - Specify the location and password of the keystore file. Either set the KeyStore and KeyStorePassword properties or their corresponding Java system properties (javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword, respectively).
  - If any key entry in the keystore file is password-protected, set the KeyPassword property to the key password.
The following examples demonstrate the required properties for a session using TLS/SSL encryption with no authentication.
For a connection URL:
Connection conn = DriverManager.getConnection(
    "jdbc:datadirect:mongodb://myserver:27017;AuthenticationMethod=None;DatabaseName=mydb;"
    + "EncryptionMethod=SSL");
For a data source:
MongoDBDataSource mds = new MongoDBDataSource();
mds.setDescription("My MongoDB Data Source");
mds.setAuthenticationMethod("None");
mds.setDatabaseName("mydb");
mds.setEncryptionMethod("SSL");
mds.setServerName("myserver");
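
The following is an added example, not part of the original documentation or the vendor's sample code. It combines the optional steps above (protocol version, truststore, certificate validation, host name check, login timeout) into one connection URL and checks the truststore before connecting. The class name, the truststore path, the TRUSTSTORE_PASSWORD environment variable, and the LoginTimeout value of 15 are assumptions chosen for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Collections;

public class MongoTlsConnect {   // hypothetical class name

    // Fail early if the truststore cannot be opened or holds no trusted
    // certificate, rather than diagnosing it later as a handshake error.
    static int countTrustedCerts(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        int trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) trusted++;
        }
        if (trusted == 0) throw new IllegalStateException("no trusted certificates in " + path);
        return trusted;
    }

    // Build the URL from the properties named in the steps above.
    // A password containing ';' would break this simple concatenation.
    static String buildUrl(String host, int port, String db, String trustStore, String tsPassword) {
        return "jdbc:datadirect:mongodb://" + host + ":" + port
            + ";DatabaseName=" + db
            + ";AuthenticationMethod=None"          // as in the page's own example
            + ";EncryptionMethod=SSL"
            + ";CryptoProtocolVersion=TLSv1.3"
            + ";ValidateServerCertificate=true"
            + ";HostNameInCertificate=" + host      // must match the server certificate
            + ";TrustStore=" + trustStore
            + ";TrustStorePassword=" + tsPassword
            + ";LoginTimeout=15";                   // illustrative value; avoids the hang noted above
    }

    public static void main(String[] args) throws Exception {
        String trustStore = "/path/to/truststore.jks";           // placeholder path
        String password = System.getenv("TRUSTSTORE_PASSWORD");  // assumed variable name
        if (password == null) throw new IllegalStateException("TRUSTSTORE_PASSWORD not set");
        System.out.println("trusted certs: " + countTrustedCerts(trustStore, password.toCharArray()));
        try (Connection conn = DriverManager.getConnection(
                buildUrl("myserver", 27017, "mydb", trustStore, password))) {
            System.out.println("connected: " + !conn.isClosed());
        }
    }
}
```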