Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-12051

Docs for SERVER-36919: Add server setParameter tlsWithholdClientCertificate (bool)

      Description

      Description:

      When this new server parameter is specified, the mongod acting as a client during intracluster communication will NOT send its configured TLS certificate to the remote mongod.

      Engineering Ticket Description:

      Allow intra-cluster communications which aren't using MONGODB_X509 to establish TLS streams without using a client certificate even if one is configured for inbound connections.

      Note that this setParameter will only be useful when used in connection with --tlsAllowConnectionsWithoutCertificates or similar settings which allow certificateless inbound connections.

      Scope of changes

      For 4.2 only:

      • add tlsWitholdClientCertificate as a setParameter option
      • Mark sslWithholdClientCertificate as a deprecated setParameter option and point to tlsWitholdClientCertificate

      For 4.0.3, 3.4.18, 3.6.9:

      • add sslWithholdClientCertificate as a setParameter option

            Assignee:
            isabella.siu@mongodb.com Isabella Siu (Inactive)
            Reporter:
            kay.kim@mongodb.com Kay Kim (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:
              5 years, 32 weeks, 1 day ago