- Type: Bug
- Resolution: Unresolved
- Priority: Major - P3
- Affects Version/s: 8.0.13
- Component/s: None
- Server Security
- ALL
- Server Security 2025-10-24
My company is doing some testing with the latest version of MongoDB to make sure everything works for us. We have a MongoDB replica set set up that includes Windows Server nodes and Red Hat Enterprise Linux nodes. The issue being encountered is that while the Red Hat nodes can successfully connect to the Windows nodes, the inverse is not true.
We are using mandatory TLS authentication in the MongoDB configurations. Inspecting the TLS handshake with Wireshark, as far as I can tell, no matter the cryptographic capabilities of the Windows server in question, mongod will always use a SHA-1 signature algorithm for the client certificate verification part of the handshake. Editing the Windows registry to remove those signature algorithms from the Windows cryptographic providers did not change anything. The only way I could reconfigure the system to get this to work was to enable the SHA-1 algorithms on the Red Hat side (while keeping the SHA-1 algorithms enabled on the Windows side). This configuration is undesirable.
I've also noticed this post about the driver: https://www.mongodb.com/community/forums/t/mongodb-c-c-driver-potential-authentication-issue-with-windows-native-tls/328866
Inspecting the code change for that fix: https://github.com/mongodb/mongo-c-driver/commit/912209d5dc985758bc3d70b105dc5166e3ded7c3#diff-b2a83f73a292a6b11ffd5ee3408235c7c6a3cb85e0c9dbf7028a735c45187261
It appears as though the manner in which the Windows APIs around Schannel are being used is the problem. Looking at the mongod code itself, I believe this block of code is responsible: https://github.com/mongodb/mongo/blob/303c38d64a3b0ab743bdaea955874fc7fe601c9d/src/mongo/util/net/ssl_manager_windows.cpp#L1005
And indeed, removing this code path when `isSSLServer` is true resolves the issue.
Do note that I believe this affects all currently supported versions of `mongod` and, based on the code, probably also `mongos`.
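The reporter's observation rests on reading the server's TLS 1.2 CertificateRequest in Wireshark: the `supported_signature_algorithms` list in that message is what the server will accept for the client's CertificateVerify, so SHA-1 entries there are the symptom to look for. The following script is an added example, not code from the ticket, from MongoDB or from the mongo-c-driver fix; it parses a TLS 1.2 handshake record, pulls the signature algorithm list out of the CertificateRequest (RFC 5246 section 7.4.4) and reports which entries are SHA-1. The record it runs on is constructed inline to show the shape of the problem, not a capture from mongod; to check a real deployment, export the bytes of the server's CertificateRequest record from Wireshark and pass them to `sha1_offered`. The decoding of the 0x08xx scheme codepoints follows RFC 8446 section 4.2.3. It covers TLS 1.2 only; in TLS 1.3 the same list lives in a `signature_algorithms` extension inside an encrypted CertificateRequest, which this parser does not handle.

```python
"""Added example: list the signature algorithms a TLS 1.2 server advertises in
its CertificateRequest, i.e. what it will accept for the client's
CertificateVerify, and flag SHA-1 entries.  Sample data is constructed."""
from __future__ import annotations

import struct

HANDSHAKE = 22            # TLS record content type
CERTIFICATE_REQUEST = 13  # handshake message type

# RFC 5246 7.4.1.4.1: SignatureAndHashAlgorithm = { HashAlgorithm, SignatureAlgorithm }
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
# RFC 8446 4.2.3 scheme codepoints that TLS 1.2 peers may also send; none of them use SHA-1.
SCHEME_NAMES = {
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519", 0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256", 0x080A: "rsa_pss_pss_sha384", 0x080B: "rsa_pss_pss_sha512",
}


def sigalg_name(code: int) -> str:
    if code in SCHEME_NAMES:
        return SCHEME_NAMES[code]
    hash_id, sig_id = code >> 8, code & 0xFF
    return f"{HASH_NAMES.get(hash_id, hex(hash_id))}/{SIG_NAMES.get(sig_id, hex(sig_id))}"


def is_sha1(code: int) -> bool:
    # High byte is the HashAlgorithm; 2 == sha1.  Scheme-style codes are never SHA-1.
    return code not in SCHEME_NAMES and (code >> 8) == 2


def iter_handshake_messages(record: bytes):
    """Yield (msg_type, body) for every handshake message in one TLS record."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    (length,) = struct.unpack("!H", record[3:5])
    payload = record[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated record")
    pos = 0
    while pos < len(payload):
        if len(payload) - pos < 4:
            raise ValueError("truncated handshake header")
        msg_type = payload[pos]
        msg_len = int.from_bytes(payload[pos + 1:pos + 4], "big")
        body = payload[pos + 4:pos + 4 + msg_len]
        if len(body) != msg_len:
            raise ValueError("truncated handshake message")
        yield msg_type, body
        pos += 4 + msg_len


def parse_certificate_request(body: bytes) -> dict:
    """Parse a TLS 1.2 CertificateRequest body (RFC 5246 7.4.4)."""
    pos = 0
    n_types = body[pos]; pos += 1
    cert_types = list(body[pos:pos + n_types]); pos += n_types
    (alg_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
    if alg_len % 2 or pos + alg_len > len(body):
        raise ValueError("bad supported_signature_algorithms length")
    sigalgs = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + alg_len, 2)]
    pos += alg_len
    (ca_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
    cas, end = [], pos + ca_len
    while pos < end:  # each DistinguishedName is a 2-byte length plus DER bytes
        (dn_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
        cas.append(body[pos:pos + dn_len]); pos += dn_len
    return {"certificate_types": cert_types, "signature_algorithms": sigalgs,
            "certificate_authorities": cas}


def server_sigalgs(record: bytes) -> list[str]:
    """Names of every signature algorithm the server's CertificateRequest lists."""
    for msg_type, body in iter_handshake_messages(record):
        if msg_type == CERTIFICATE_REQUEST:
            return [sigalg_name(c) for c in parse_certificate_request(body)["signature_algorithms"]]
    raise ValueError("no CertificateRequest in record")


def sha1_offered(record: bytes) -> list[str]:
    """Names of the SHA-1 entries the server would accept for CertificateVerify."""
    return [name for name in server_sigalgs(record) if name.startswith("sha1/")]


def build_certificate_request(cert_types, sigalgs, cas=()) -> bytes:
    """Build a TLS 1.2 record carrying one CertificateRequest (constructed test data)."""
    body = bytes([len(cert_types)]) + bytes(cert_types)
    body += struct.pack("!H", 2 * len(sigalgs)) + b"".join(struct.pack("!H", a) for a in sigalgs)
    ca_blob = b"".join(struct.pack("!H", len(dn)) + dn for dn in cas)
    body += struct.pack("!H", len(ca_blob)) + ca_blob
    msg = bytes([CERTIFICATE_REQUEST]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 3, 3]) + struct.pack("!H", len(msg)) + msg


# Constructed sample, not a mongod capture: a server that lists SHA-1 schemes first.
SAMPLE_RECORD = build_certificate_request(
    cert_types=[1, 64],                                   # rsa_sign, ecdsa_sign
    sigalgs=[0x0201, 0x0203, 0x0401, 0x0403, 0x0804],     # sha1/rsa, sha1/ecdsa, sha256/..., PSS
    cas=[b"\x30\x00"],                                    # placeholder empty DER SEQUENCE as a DN
)

if __name__ == "__main__":
    print("server accepts:", server_sigalgs(SAMPLE_RECORD))
    print("SHA-1 entries :", sha1_offered(SAMPLE_RECORD))
```

A server that is genuinely restricted to modern algorithms should produce an empty list from `sha1_offered`; a non-empty list on a host whose registry has SHA-1 disabled is exactly the mismatch between configured policy and wire behaviour that the ticket describes.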