authorJonathan Reams <jbreams@mongodb.com>2018-08-15 13:53:40 -0400
committerJason Carey <jcarey@argv.me>2019-04-18 14:04:32 -0400
commit6eaf16f2cff132b3e9d2fc4f45253751cc964a37 (patch)
treec9c6c863d16616e01fcf1c132f59f4fd40424fd1
parentb5b7a3e43ca68075624c15753afc9a60741f2628 (diff)
downloadmongo-6eaf16f2cff132b3e9d2fc4f45253751cc964a37.tar.gz
SERVER-34621 Log if client attempts unsupported TLS renegotiation on Windows
(cherry picked from commit 8de4f3563737eb3b23ae37eeaa9efa1cb40dc350)
-rw-r--r--src/mongo/transport/service_state_machine.cpp3
-rw-r--r--src/mongo/util/net/ssl/detail/impl/schannel.ipp2
-rw-r--r--src/mongo/util/net/ssl/error.hpp6
-rw-r--r--src/mongo/util/net/ssl/impl/error.ipp3
4 files changed, 10 insertions, 4 deletions
diff --git a/src/mongo/transport/service_state_machine.cpp b/src/mongo/transport/service_state_machine.cpp
index 1aed664aecf..0936a30f38f 100644
--- a/src/mongo/transport/service_state_machine.cpp
+++ b/src/mongo/transport/service_state_machine.cpp
@@ -308,7 +308,8 @@ void ServiceStateMachine::_sourceCallback(Status status) {
transport::ServiceExecutorTaskName::kSSMProcessMessage);
} else if (ErrorCodes::isInterruption(status.code()) ||
ErrorCodes::isNetworkError(status.code())) {
- LOG(2) << "Session from " << remote << " encountered a network error during SourceMessage";
+ LOG(2) << "Session from " << remote
+ << " encountered a network error during SourceMessage: " << status;
_state.store(State::EndSession);
} else if (status == TransportLayer::TicketSessionClosedStatus) {
// Our session may have been closed internally.
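Review bot: The message that now carries `status` is still emitted at `LOG(2)`, so at default verbosity an operator would not see a rejected renegotiation attempt in the log. Whether the new `no_renegotiation` error reaches this branch at all depends on how the asio error code is converted to a `Status`, which this hunk does not show. If the intent of the commit title is that such attempts are visible for monitoring, consider a separate branch that logs the renegotiation case at the default level, or at least a comment such as `// status distinguishes unsupported TLS renegotiation from ordinary disconnects`. `_sourceCallback` starts and ends outside the hunk.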
diff --git a/src/mongo/util/net/ssl/detail/impl/schannel.ipp b/src/mongo/util/net/ssl/detail/impl/schannel.ipp
index 1dd9577b10e..81f8ffc21c5 100644
--- a/src/mongo/util/net/ssl/detail/impl/schannel.ipp
+++ b/src/mongo/util/net/ssl/detail/impl/schannel.ipp
@@ -608,7 +608,7 @@ ssl_want SSLReadManager::decryptBuffer(asio::error_code& ec, DecryptState* pDecr
*pDecryptState = DecryptState::Renegotiate;
// Fail the connection on SSL renegotiations
- ec = asio::ssl::error::stream_truncated;
+ ec = asio::ssl::error::no_renegotiation;
return ssl_want::want_nothing;
}
diff --git a/src/mongo/util/net/ssl/error.hpp b/src/mongo/util/net/ssl/error.hpp
index 9996b825b12..3bf0ea02510 100644
--- a/src/mongo/util/net/ssl/error.hpp
+++ b/src/mongo/util/net/ssl/error.hpp
@@ -43,12 +43,14 @@ namespace error {
enum stream_errors {
#if defined(GENERATING_DOCUMENTATION)
/// The underlying stream closed before the ssl stream gracefully shut down.
- stream_truncated
+ stream_truncated,
+ no_renegotiation
#elif (OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_IS_BORINGSSL) && \
MONGO_CONFIG_SSL_PROVIDER == MONGO_CONFIG_SSL_PROVIDER_OPENSSL
stream_truncated = ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ)
#else
- stream_truncated = 1
+ stream_truncated = 1,
+ no_renegotiation
#endif
};
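Review bot: `no_renegotiation` is added to the `GENERATING_DOCUMENTATION` branch and to the `#else` branch, but not to the legacy OpenSSL branch (`OPENSSL_VERSION_NUMBER < 0x10100000L`), so the enum's members differ by build configuration. The only uses visible in this commit are in schannel.ipp and the Windows branch of `message()` in error.ipp, so this looks latent rather than broken, but any later reference outside Windows-only code would fail to compile on that configuration. In the `#else` branch the value is implicit; writing `no_renegotiation = 2` keeps it stable if enumerators are inserted later. The documentation branch would also benefit from a line such as `/// The peer requested a renegotiation, which is not supported.` above the new enumerator.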
diff --git a/src/mongo/util/net/ssl/impl/error.ipp b/src/mongo/util/net/ssl/impl/error.ipp
index b691cb391f7..abe179c33a7 100644
--- a/src/mongo/util/net/ssl/impl/error.ipp
+++ b/src/mongo/util/net/ssl/impl/error.ipp
@@ -37,6 +37,9 @@ public:
#if MONGO_CONFIG_SSL_PROVIDER == MONGO_CONFIG_SSL_PROVIDER_WINDOWS
std::string message(int value) const {
+ if (value == asio::ssl::error::no_renegotiation) {
+ return "peer requested renegotiation, which is not supported";
+ }
return mongo::errnoWithDescription(value);
}
#elif MONGO_CONFIG_SSL_PROVIDER == MONGO_CONFIG_SSL_PROVIDER_OPENSSL