I have a cluster of 3 shard servers, 3 config servers and 1 mongos server in a dev environment. I would like to make communication between Mongo components TLS compulsory and communication between applications and mongos non-TLS. So I am enabling requireTLS mode on the shards and config servers only, and I am enabling preferTLS mode on the mongos server, so applications communicating with mongos will not need to provide any TLS certs. I have enabled the settings and the cluster is currently running fine in dev. But I am getting one log message in the mongos log; what does it mean? Is this technically right, requireTLS (mongod) + preferTLS (mongos)?
Log
SSL mode is set to ‘preferred’ and connection to remote is not using SSL
I had a look at my MongoDB; the log says:
{
  "t": { "$date": "2024-02-14T11:57:37.397+01:00" },
  "s": "I",
  "c": "NETWORK",
  "id": 23838,
  "ctx": "conn69",
  "msg": "SSL mode is set to 'preferred' and connection to remote is not using SSL.",
  "attr": {
    "connectionId": 69,
    "remote": "10.192.241.225:45516"
  }
}
But it is just informational ("s": "I"). And yes, the log message "connection to remote..." is a bit misleading. It should rather be "connection from remote" or "incoming connection".
Unless you are using x.509 certificates to authenticate the client, or net.tls.allowConnectionsWithoutCertificates: false, the net.tls.CAFile parameter is not needed.
On the other hand, setting net.tls.CAFile does not break anything.