Related to https://jira.mongodb.org/browse/SERVER-39941, if a server is configured with TLS on and the client connects without TLS, the server outputs the following in its log:

2019-03-04T23:22:20.337+0000 D -        [conn27] User Assertion: 17189:The server is configured to only allow SSL connections src/mongo/util/net/message_port.cpp 152
2019-03-04T23:22:20.337+0000 D -        [conn27] User Assertion: 17189:The server is configured to only allow SSL connections src/mongo/db/service_entry_point_mongod.cpp 132
2019-03-04T23:22:20.337+0000 I -        [conn27] AssertionException handling request, closing client connection: 17189 The server is configured to only allow SSL connections
2019-03-04T23:22:20.337+0000 I -        [conn27] end connection 127.0.0.1:41224 (1 connection now open)

On the client side, the client only gets its connection closed, and provides the following diagnostics:

[2019/03/05 12:11:46.568] W, [2019-03-05T17:11:45.067404 #3004]  WARN -- : MONGODB | Failed to handshake with localhost:27017: Mongo::Error::SocketError: EOFError: end of file reached (for 127.0.0.1:27017 (no TLS))

As with 39941, it is impossible to determine the reason why the connection failed from the client side.

While in 39941 the idea is to use the openssl alert mechanism to communicate errors to the client, the failure cases covered by this ticket require a different strategy to report them. Perhaps the server can write a simple (or simplified) ismaster response, even in plain text if the server determines that the client connected without TLS to a TLS server, and wait for a minute to close the connection. Normally the driver would write an ismaster request to the server immediately after opening a connection, hence even with the server not reading the request and writing a predetermined ismaster response this should provide reasonable diagnostics to the client to debug connection failures.