Simplifying TLS error detection

nhachicha · nhachicha · commit 0050ab14d04b · 2026-05-05T15:29:28.000+01:00
diff --git a/driver-core/src/main/com/mongodb/internal/connection/BackpressureErrorLabeler.java b/driver-core/src/main/com/mongodb/internal/connection/BackpressureErrorLabeler.java
@@ -82,23 +82,8 @@ private static boolean isTlsConfigurationError(final MongoSocketException t) {
             }
             if (cause instanceof SSLHandshakeException) {
                 String message = cause.getMessage();
-                if (message != null) {
-                    String lowerMessage = message.toLowerCase(Locale.ROOT);
-                    if (lowerMessage.contains("certificate")
-                            || lowerMessage.contains("verify")
-                            || lowerMessage.contains("trust")
-                            || lowerMessage.contains("hostname")
-                            || lowerMessage.contains("protocol")
-                            || lowerMessage.contains("cipher")
-                            // PKIX path building/validation failures surface as SSLHandshakeException
-                            // when the underlying CertPath* cause is not in the chain.
-                            || lowerMessage.contains("pkix")
-                            // Any "Received fatal alert: X" from OpenJDK's JSSE provider means the
-                            // server actively answered with a TLS protocol error — not an overload
-                            // signal. Catches all 25 RFC handshake alert descriptions in one rule.
-                            || lowerMessage.contains("received fatal alert")) {
-                        return true;
-                    }
+                if (message != null && message.toLowerCase(Locale.ROOT).contains("received fatal alert")) {
+                    return true;
                 }
             }
             cause = cause.getCause();
diff --git a/driver-core/src/test/unit/com/mongodb/internal/connection/BackpressureErrorLabelerTest.java b/driver-core/src/test/unit/com/mongodb/internal/connection/BackpressureErrorLabelerTest.java
@@ -87,8 +87,16 @@ static Stream<Named<Throwable>> localTlsConfigErrorShouldNotBeLabeled() {
                 named(new CertPathValidatorException("validation failed")),
                 named(new SSLPeerUnverifiedException("peer not verified")),
                 named(new SSLProtocolException("protocol error")),
-                named(new SSLHandshakeException("PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: "
-                        + "unable to find valid certification path to requested target"))
+                named(initCause(
+                        new SSLHandshakeException("SSLHandshakeException invoking https://1.2.3.4:8443/api/methodName: "
+                                + "sun.security.validator.ValidatorException: PKIX path building failed"),
+                        initCause(
+                                new SSLHandshakeException("sun.security.validator.ValidatorException: "
+                                        + "PKIX path building failed: "
+                                        + "sun.security.provider.certpath.SunCertPathBuilderException: "
+                                        + "unable to find valid certification path to requested target"),
+                                new CertPathBuilderException(
+                                        "unable to find valid certification path to requested target"))))
         );
     }
 
