Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.0.3, 4.1.3, 3.6.9, 3.4.18, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113, Server_Docs_20240319
Affects Version/s: None
Component/s: manual, Server
Labels:
None

Epic Link:
DOCS: 4.2 Server/Tools

Description

Description:

When this new server parameter is specified, the mongod acting as a client during intracluster communication will NOT send its configured TLS certificate to the remote mongod.

Engineering Ticket Description:

Allow intra-cluster communications which aren't using MONGODB_X509 to establish TLS streams without using a client certificate even if one is configured for inbound connections.

Note that this setParameter will only be useful when used in connection with --tlsAllowConnectionsWithoutCertificates or similar settings which allow certificateless inbound connections.

Scope of changes

For 4.2 only:

add tlsWitholdClientCertificate as a setParameter option
Mark sslWithholdClientCertificate as a deprecated setParameter option and point to tlsWitholdClientCertificate

For 4.0.3, 3.4.18, 3.6.9:

add sslWithholdClientCertificate as a setParameter option

documents

SERVER-36919 Add server setParameter tlsWithholdClientCertificate (bool)

Closed

Assignee:: Isabella Siu (Inactive)

Reporter:: Kay Kim (Inactive)

Participants:: Githook User, Isabella Siu, Kay Kim

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: Sep 12 2018 07:51:44 PM UTC

Updated:: Mar 20 2024 04:59:08 PM UTC

Resolved:: Oct 12 2018 09:17:36 PM UTC

Days since reply:: 5 years, 23 weeks, 4 days ago

Details

Description

Description

Description:

Engineering Ticket Description:

Scope of changes

Attachments

Issue Links

Activity

People

Dates