Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-12051

Docs for SERVER-36919: Add server setParameter tlsWithholdClientCertificate (bool)

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 4.0.3, 4.1.3, 3.6.9, 3.4.18
    • manual, Server
    • None

    Description

      Description

      Description:

      When this new server parameter is specified, the mongod acting as a client during intracluster communication will NOT send its configured TLS certificate to the remote mongod.

      Engineering Ticket Description:

      Allow intra-cluster communications which aren't using MONGODB_X509 to establish TLS streams without using a client certificate even if one is configured for inbound connections.

      Note that this setParameter will only be useful when used in connection with --tlsAllowConnectionsWithoutCertificates or similar settings which allow certificateless inbound connections.

      Scope of changes

      For 4.2 only:

      • add tlsWitholdClientCertificate as a setParameter option
      • Mark sslWithholdClientCertificate as a deprecated setParameter option and point to tlsWitholdClientCertificate

      For 4.0.3, 3.4.18, 3.6.9:

      • add sslWithholdClientCertificate as a setParameter option

      Attachments

        Issue Links

          Activity

            People

              isabella.siu@mongodb.com Isabella Siu (Inactive)
              kay.kim@mongodb.com Kay Kim (Inactive)
              Jess Mokrzecki Jess Mokrzecki
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                4 years, 44 weeks, 6 days ago