Currently, when the server rejects a client connection during the TLS handshake, it reports no errors to the client, making it impossible to diagnose connection failures from the client side (they can only be diagnosed by reading server logs).
For example, given the certificates in https://github.com/p-mongo/tests/tree/master/certs, we can use the openssl s_client and s_server functions to require certificate verification on the server side and connect without supplying a certificate:
Server side outputs in its terminal:
Client side outputs in its terminal:
The alert mechanism referenced is OpenSSL's way of communicating errors between client and server during the connection handshake.
Now if I connect to a mongod with s_client the same way:
mongod closes the connection without supplying any reason why the connection was closed. The reason is logged in the mongod log:
This reason should be communicated to the client using the OpenSSL alert mechanism prior to closing the connection.
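Added example, not part of the original report and not MongoDB or OpenSSL code: a small parser showing what a client can learn from the bytes it reads before the socket closes, with and without a TLS alert record. It assumes the alert arrives unencrypted, as it does when a handshake is rejected before keys are active; the function names and sample bytes are constructed for illustration.

```python
import struct

# Subset of alert descriptions defined by the TLS specifications (RFC 5246, RFC 8446).
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
    42: "bad_certificate", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 70: "protocol_version", 116: "certificate_required",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
CONTENT_TYPE_ALERT = 21


def parse_records(data):
    """Split raw bytes into (content_type, payload) TLS records."""
    records, offset = [], 0
    while offset + 5 <= len(data):
        # Record header: 1-byte content type, 2-byte version, 2-byte length.
        ctype, _version, length = struct.unpack_from("!BHH", data, offset)
        payload = data[offset + 5 : offset + 5 + length]
        if len(payload) < length:
            break  # truncated record: the peer closed mid-record
        records.append((ctype, payload))
        offset += 5 + length
    return records


def diagnose_close(data):
    """Describe why the server ended the handshake, as far as the client can tell."""
    for ctype, payload in parse_records(data):
        if ctype == CONTENT_TYPE_ALERT and len(payload) == 2:
            level, desc = payload  # one byte each: alert level, alert description
            return "{} alert: {} ({})".format(
                ALERT_LEVELS.get(level, "level %d" % level),
                ALERT_DESCRIPTIONS.get(desc, "unknown"), desc)
    return "connection closed without an alert; reason is only in the server log"


# Constructed sample inputs: bytes a client might read before EOF.
WITH_ALERT = bytes([21, 3, 3, 0, 2, 2, 40])  # alert record: fatal, handshake_failure
SILENT_CLOSE = b""                            # server closed the socket, sent nothing

if __name__ == "__main__":
    print(diagnose_close(WITH_ALERT))
    print(diagnose_close(SILENT_CLOSE))
```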
mongod was launched with: