Description

Description:

This renames the TLS certificate file options to match the correspond to their names in the Mongo URI spec.

Engineering Ticket Description:

To unify with mongodb:// URI options, we'll rename the tlsPEMKeyFile/tlsPEMKeyPassword to tlsCertificateKeyFile/tlsCertificateKeyFilePassword.

Also, since tlsPEMKeyFile/Password were only just introduced in the 4.1 dev branch (renamed from ssl*), we'll remove the tlsPEMKeyFile/Password settings entirely, leaving only the ssl* variants as deprecated aliases.

The idl definitions in ssl_options_server.idl and ssl_options_client.idl would thus look like:

  "net.tls.certificateKeyFile":       # Changed from "net.tls.PEMKeyFile"
    description: "PEM file for TLS"
    short_name: tlsCertificateKeyFile   # Changed from "tlsPEMKeyFile"
    deprecated_name: "net.ssl.PEMKeyFile"
    deprecated_short_name: sslPEMKeyFile
    arg_vartype: String
  "net.tls.certificateKeyFilePassword":      # Changed form "net.tls.PEMKeyPassword"
    description: "PEM file password"
    short_name: tlsCertificateKeyFilePassword       # Changed from: tlsPEMKeyPassword
    deprecated_name: "net.ssl.PEMKeyPassword"
    deprecated_short_name: sslPEMKeyPassword
    arg_vartype: String
    cpp_varname: sslGlobalParams.sslPEMKeyPassword
    implicit: ''

Scope of changes

• 4.2
• 4.2-compat (not sure if we want to explicitly call out the name change – currently, we just state tls override ssl)
• connection-string (Need to add the tls options)
• mongod options + mongod + mongos
• config file options + config file  + configuration-file-settings-command-line-options-mapping
• mongo options + mongo
  • Add all the tls options (note: mongo shell options are missing all the tls options, need to add all and deprecate ssl options)
  • mongo ssl references
• source/core/security-internal-authentication.txt
• source/core/security-x.509.txt
• tutorials
  • source/tutorial/configure-ssl-clients.txt
  • source/tutorial/configure-ssl.txt
  • source/tutorial/configure-fips.txt
  • source/tutorial/configure-x509-client-authentication.txt
  • source/tutorial/configure-x509-member-authentication.txt
  • source/tutorial/upgrade-cluster-to-ssl.txt
  • source/tutorial/upgrade-keyfile-to-x509.txt
  • source/appendix/security/appendixB-openssl-server.txt
  • source/appendix/security/appendixC-openssl-client.txt

• references
  • source/reference/expansion-directives.txt - since new page for 4.2, not even going to reference old sslpem
  • source/reference/parameters.txt
    • add examples using tls
    • add tlsMode param and link to and from sslMode param
  • source/reference/command/serverStatus.txt
• source/includes/extracts-tls-facts.yaml
• source/includes/extracts-x509-certificate.yaml
• Upgrades - post upgrade, update options
• Downgrade - update the options before downgrading

note The following programs are on the old sslOptions (i.e. not even tls options – for those that take uri, will need to note that they don't support the new tls options in the uri string)

• source/reference/program/mongodump.txt
• source/reference/program/mongoexport.txt
• source/reference/program/mongofiles.txt
• source/reference/program/mongoimport.txt
• source/reference/program/mongorestore.txt
• source/reference/program/mongostat.txt
• source/reference/program/mongotop.txt

check references for mongo-shell-ssl

Impact to Other Docs

Probably if cloud products explose the tls options, including in connection strings, (but should come from those cloud product tickets)

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)