Description:
When this new server parameter is specified, the mongod acting as a client during intracluster communication will NOT send its configured TLS certificate to the remote mongod.
Engineering Ticket Description:
Allow intra-cluster communications which aren't using MONGODB_X509 to establish TLS streams without using a client certificate even if one is configured for inbound connections.
Note that this setParameter will only be useful when used in connection with --tlsAllowConnectionsWithoutCertificates or similar settings which allow certificateless inbound connections.
Scope of changes
For 4.2 only:
- add tlsWithholdClientCertificate as a setParameter option
- Mark sslWithholdClientCertificate as a deprecated setParameter option and point to tlsWithholdClientCertificate
For 4.0.3, 3.4.18, 3.6.9:
- add sslWithholdClientCertificate as a setParameter option
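
The combination described above, shown as a 4.2-style `mongod.conf` fragment. This is an added example, not configuration taken from the ticket; all file paths are placeholders, and keyfile authentication is assumed as the non-X.509 intracluster mechanism.

```yaml
# Constructed mongod.conf fragment for 4.2; every path below is a placeholder.
net:
  tls:
    mode: requireTLS
    # Server certificate presented on inbound connections.
    certificateKeyFile: /etc/mongodb/tls/server.pem   # placeholder path
    # Used to validate the remote member's server certificate.
    CAFile: /etc/mongodb/tls/ca.pem                   # placeholder path
    # A peer that withholds its certificate is only accepted if inbound
    # connections without a client certificate are allowed.
    allowConnectionsWithoutCertificates: true
security:
  # Assumption: members authenticate with a shared keyfile, not MONGODB_X509.
  keyFile: /etc/mongodb/keyfile                       # placeholder path
  clusterAuthMode: keyFile
setParameter:
  # Outbound intracluster connections do not send the configured certificate
  # as a client certificate.
  tlsWithholdClientCertificate: true
  # On 4.0.3, 3.4.18 and 3.6.9 the ticket adds sslWithholdClientCertificate instead.
```

Every member needs `allowConnectionsWithoutCertificates` (or an equivalent setting) enabled, otherwise it rejects inbound connections from peers that withhold their certificate.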
Issue Links
- documents
  - SERVER-36919 Add server setParameter tlsWithholdClientCertificate (bool) (Closed)