How to use MongoDB with SSL
In times where everybody is concerned about the security of their data it’s kind of surprising that there isn’t too much information about using MongoDB with SSL connections out there. You must be aware that if you are using MongoDB on a public network, all the data you transmit from the database to your application is completely unencrypted. Luckily however, MongoDB offers the option to be compiled with SSL support. Unfortunately none of the default packages for all major Linux distributions that I am aware of have that support compiled in.
But due to MongoDB’s great documentation getting a mongod with SSL support is quite easy. After you have finished compiling have another look at the documentation on how to configure mongod and change your client connections.
Now the interesting part is that – as always – having more security in place is some kind of a trade-off. In this case you have to compile MongoDB yourself which may require considerable effort to integrate this into your production deployment. On the other hand, SSL usually impacts performance due to computational overhead.
So for the sake of getting a rough idea on what an impact on performance SSL support in MongoDB could mean I have concluded some simple benchmarks. These are based on David Mytton’s benchmarks at ServerDensity.
I have taken a sample of 100 inserts into an otherwise empty collection. Longer runs have shown the same numbers so no need to have a larger dataset here:
As you can see the SSL overhead is clearly visible being about 0.05ms slower than a plain connection. The median for the inserts with SSL is 0.28ms. Plain connections have a median at around 0.23ms. So there is a performance loss of about 25%. These are all just rough numbers. Your mileage may vary.
Overall I think you can get quite a good idea of what introducing SSL support for MongoDB means in terms of consequences for your capacity planning.
Lastly we are happy to announce that MongoSoup, our German MongoDB-as-a-Service solution, is currently working on offering SSL-enabled MongoDB instances to our customers. If you are interested to join the Beta, please fill out the form on the bottom of this page and we will contact you with further details.
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)