Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-12051

Docs for SERVER-36919: Add server setParameter tlsWithholdClientCertificate (bool)

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.0.3, 4.1.3, 3.6.9, 3.4.18
    • Component/s: manual, Server
    • Labels:
      None

      Description

      Description

      Description:

      When this new server parameter is specified, the mongod acting as a client during intracluster communication will NOT send its configured TLS certificate to the remote mongod.

      Engineering Ticket Description:

      Allow intra-cluster communications which aren't using MONGODB_X509 to establish TLS streams without using a client certificate even if one is configured for inbound connections.

      Note that this setParameter will only be useful when used in connection with --tlsAllowConnectionsWithoutCertificates or similar settings which allow certificateless inbound connections.

      Scope of changes

      For 4.2 only:

      • add tlsWitholdClientCertificate as a setParameter option
      • Mark sslWithholdClientCertificate as a deprecated setParameter option and point to tlsWitholdClientCertificate

      For 4.0.3, 3.4.18, 3.6.9:

      • add sslWithholdClientCertificate as a setParameter option

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              isabella.siu Isabella Siu (Inactive)
              Reporter:
              kay.kim Kay Kim (Inactive)
              Participants:
              Last commenter:
              Githook User Githook User
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since reply:
                3 years, 2 weeks, 5 days ago
                Date of 1st Reply: