DOCSP-38014 SSL Error Workaround (#942)

lindseymoore · web-flow · commit ca66d3ebbf57 · 2024-12-06T12:44:56.000-05:00
* DOCSP-38014 SSL Error Workaround

* change name

* copy fix

* tech reviewer comments

* Mikes comments"
"
"
""
"
"

* monospace

* fix font
diff --git a/source/fundamentals/connection/tls.txt b/source/fundamentals/connection/tls.txt
@@ -77,6 +77,25 @@ in the following ways:
    see the :manual:`SRV Connection Format </reference/connection-string/#srv-connection-format>`
    section in the Server manual.
 
+.. note:: Workaround for an "unsafe legacy renegotiation disabled" Error
+
+   The {+driver-short+} depends on OpenSSL by default. Outdated SSL proxies can 
+   cause an ``unsafe legacy renegotiation disabled`` error in environments using 
+   OpenSSL 3.0 or later. You can resolve this error by setting the 
+   ``SSL_OP_LEGACY_SERVER_CONNECT`` option, as shown in the following example: 
+
+   .. code-block:: js
+      :emphasize-lines: 6
+
+      import { MongoClient } from 'mongodb';
+      import crypto from 'crypto';
+
+      const client = new MongoClient("mongodb+srv://...", {
+         secureContext: {
+            secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT
+         }
+      });
+   
 In addition to the ``tls`` client option, the driver provides more
 options to configure TLS on your connection. For **testing purposes**,
 you can set the ``tlsAllowInvalidHostnames``,
