TLS handshake failed

I’m trying to connect to my atlas cluster via the php driver but I keep getting a handshake error:

Fatal error: Uncaught MongoDB\Driver\Exception\ConnectionTimeoutException: No suitable servers found (serverSelectionTryOnce set): [TLS handshake failed: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed calling ismaster on '<mycluster>.mongodb.net:27017'] [TLS handshake failed: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed calling ismaster on '<mycluster>.mongodb.net:27017'] [TLS handshake failed: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate.......

My school webserver admins tell me that either the driver or the cluster is forcing SSL3 and my schools server only allows TLS1.2 connections. They assume it is the atlas server forcing SSL3. Do I need to change this in the driver or cluster and where would I do that? Thanks for your help!

1 Like

Welcome to the MongoDB Community Forums @Jannick_Schroer !

Your error message appears to be truncated but based on certificate verify failed I expect you need to update the root certificates available in your O/S or PHP environment similar to Keep getting ServerSelectionTimeoutError - #11 by Stennie_X.

You may need help from an administrator to update certificates in a managed environment like a school web server.

MongoDB Atlas currently requires TLS 1.2 by default (see FAQ: Security for more details).

SSL3 was deprecated in 2015, but evolved into TLS 1.0 in case you are wondering about the SSL3 reference in that error message. SSL & TLS are often used interchangeably, but all modern versions of https are actually using TLS.

Regards,
Stennie

I asked them if the certificates are up to date, which they confirmed. So what I am interpreting is that php driver may not be using the newest ones or the certificates are actually not up to date… Is there anyway to check? I have read permissions to the ca.pem file…