DOCS-4295 DOCS-5272 include TLS when mentioning SSL

Author: kay-kim

source/administration/install-on-linux.txt

@@ -12,7 +12,7 @@ Recommended
 
 For the best installation experience, MongoDB provides packages for popular
 Linux distributions. These packages, which support
-specific platforms and provide improved performance and SSL
+specific platforms and provide improved performance and TLS/SSL
 support, are the preferred way to run MongoDB. The following guides
 detail the installation process for these systems:
 
@@ -25,7 +25,7 @@ Manual Installation
 -------------------
 
 For Linux systems without supported packages, MongoDB provides a
-generic Linux release. These versions of MongoDB don't include SSL,
+generic Linux release. These versions of MongoDB don't include TLS/SSL,
 and may not perform as well as the targeted packages, but are
 compatible on most contemporary Linux systems. See the
 following guides for installation:

source/administration/production-notes.txt

@@ -492,8 +492,8 @@ For all MongoDB deployments:
 - Use the Network Time Protocol (NTP) to synchronize time among
   your hosts. This is especially important in sharded clusters.
 
-MongoDB and SSL Libraries
-`````````````````````````
+MongoDB and TLS/SSL Libraries
+`````````````````````````````
 
 On Linux platforms, you may observe one of the following statements in
 the MongoDB log:
@@ -503,8 +503,8 @@ the MongoDB log:
    <path to SSL libs>/libssl.so.<version>: no version information available (required by /usr/bin/mongod)
    <path to SSL libs>/libcrypto.so.<version>: no version information available (required by /usr/bin/mongod)
 
-These warnings indicate that the system's SSL libraries are different
-from the SSL libraries that the :program:`mongod` was compiled against.
+These warnings indicate that the system's TLS/SSL libraries are different
+from the TLS/SSL libraries that the :program:`mongod` was compiled against.
 Typically these messages do not require intervention; however, you can
 use the following operations to determine the symbol versions that
 :program:`mongod` expects:
@@ -528,8 +528,8 @@ operations to detect symbol version mismatches:
 
 .. code-block:: sh
 
-   objdump -T <path to SSL libs>/libssl.so.1*
-   objdump -T <path to SSL libs>/libcrypto.so.1*
+   objdump -T <path to TLS/SSL libs>/libssl.so.1*
+   objdump -T <path to TLS/SSL libs>/libcrypto.so.1*
 
 This procedure is neither exact nor exhaustive: many symbols used by
 :program:`mongod` from the ``libcrypto`` library do not begin with

source/administration/security-checklist.txt

@@ -38,10 +38,10 @@ See :doc:`/core/authorization`, :doc:`/tutorial/define-roles`,
 Encrypt Communication
 ---------------------
 
-Configure MongoDB to use SSL for all incoming and outgoing
-connections. Use SSL to encrypt communication between
+Configure MongoDB to use TLS/SSL for all incoming and outgoing
+connections. Use TLS/SSL to encrypt communication between
 :program:`mongod` and :program:`mongos` components of a MongoDB
-client, as well as between all applications and MongoDB.
+client as well as between all applications and MongoDB.
 
 See :doc:`/tutorial/configure-ssl`.
 

source/core/authentication.txt

@@ -181,7 +181,7 @@ x.509 Certificate Authentication
 .. versionadded:: 2.6
 
 MongoDB supports x.509 certificate authentication for use with a secure
-:doc:`SSL connection </tutorial/configure-ssl>`.
+:doc:`TLS/SSL connection </tutorial/configure-ssl>`.
 
 To authenticate to servers, clients can use x.509 certificates instead
 of usernames and passwords. See :ref:`x509-client-authentication` for

source/core/replica-set-arbiter.txt

@@ -59,7 +59,7 @@ The only communication between arbiters and other set members are:
 votes during elections, heartbeats, and configuration data. These
 exchanges are not encrypted.
 
-**However**, if your MongoDB deployment uses SSL, MongoDB will encrypt
+**However**, if your MongoDB deployment uses TLS/SSL, MongoDB will encrypt
 *all* communication between replica set members. See
 :doc:`/tutorial/configure-ssl` for more information.
 

source/core/security-introduction.txt

@@ -76,9 +76,9 @@ Encryption
 Transport Encryption
 ~~~~~~~~~~~~~~~~~~~~
 
-You can use SSL to encrypt all of MongoDB's network traffic. SSL
-ensures that MongoDB network traffic is only readable by the intended
-client.
+You can use TLS/SSL (Transport Layer Security/Secure Sockets Layer) to
+encrypt all of MongoDB's network traffic. TLS/SSL ensures that MongoDB
+network traffic is only readable by the intended client.
 
 See :doc:`/tutorial/configure-ssl` for more information.
 

source/core/security-network.txt

@@ -140,7 +140,7 @@ Virtual Private Networks
 
 Virtual private networks, or VPNs, make it possible to link two
 networks over an encrypted and limited-access trusted
-network. Typically MongoDB users who use VPNs use SSL rather than
+network. Typically, MongoDB users who use VPNs use TLS/SSL rather than
 IPSEC VPNs for performance issues.
 
 Depending on configuration and implementation, VPNs provide for

source/faq/replica-sets.txt

@@ -206,9 +206,9 @@ following data with the rest of the replica set:
 - Replica set configuration data and voting data. This information is
   not encrypted. Only credential exchanges are encrypted.
 
-If your MongoDB deployment uses SSL, then all communications between
-arbiters and the other members of the replica set are secure. See the
-documentation for :doc:`/tutorial/configure-ssl` for more
+If your MongoDB deployment uses TLS/SSL, then all communications
+between arbiters and the other members of the replica set are secure.
+See the documentation for :doc:`/tutorial/configure-ssl` for more
 information. Run all arbiters on secure networks, as with all MongoDB
 components.
 

source/includes/admonition-saslauthd-ldap-considerations.rst

@@ -8,4 +8,4 @@ Use secure encrypted or trusted connections between clients and the server,
 as well as between ``saslauthd`` and the LDAP server. The LDAP server uses
 the ``SASL PLAIN`` mechanism, sending and receiving data in **plain text**. 
 You should use only a trusted channel such as a VPN, a connection encrypted 
-with SSL, or a trusted wired network.
+with TLS/SSL, or a trusted wired network.

source/includes/extracts-security-prereq.yaml

@@ -3,52 +3,52 @@ inherit:
   ref: _security-prereq
   file: extracts-security-prereq-base.yaml
 replacement: 
-  unscoped: "A full description of SSL, PKI (Public Key Infrastructure) certificates, and Certificate Authority"
+  unscoped: "A full description of TLS/SSL, PKI (Public Key Infrastructure) certificates, and Certificate Authority"
   page: page
-  prereq: "SSL as well as access to valid certificates"
+  prereq: "TLS/SSL as well as access to valid certificates"
 ---
 ref: security-prereq-configure-ssl-clients
 inherit:
   ref: _security-prereq
   file: extracts-security-prereq-base.yaml
 replacement:
-  unscoped: "A full description of SSL, PKI (Public Key Infrastructure) certificates, and Certificate Authority"
+  unscoped: "A full description of TLS/SSL, PKI (Public Key Infrastructure) certificates, and Certificate Authority"
   page: page
-  prereq: "SSL as well as access to valid certificates"
+  prereq: "TLS/SSL as well as access to valid certificates"
 ---
 ref: security-prereq-upgrade-cluster-to-ssl
 inherit:
   ref: _security-prereq
   file: extracts-security-prereq-base.yaml
 replacement:
-  unscoped: "A full description of SSL, PKI (Public Key Infrastructure) certificates, and Certificate Authority"
+  unscoped: "A full description of TLS/SSL, PKI (Public Key Infrastructure) certificates, and Certificate Authority"
   page: tutorial
-  prereq: "SSL as well as access to valid certificates"
+  prereq: "TLS/SSL as well as access to valid certificates"
 ---
 ref: security-prereq-configure-fips
 inherit:
   ref: _security-prereq
   file: extracts-security-prereq-base.yaml
 replacement:
-  unscoped: "A full description of FIPS and SSL"
+  unscoped: "A full description of FIPS and TLS/SSL"
   page: tutorial
-  prereq: "FIPS and SSL"
+  prereq: "FIPS and TLS/SSL"
 ---
 ref: security-prereq-configure-x509-client-authentication
 inherit:
   ref: _security-prereq
   file: extracts-security-prereq-base.yaml
 replacement:
-  unscoped: "A full description of SSL, PKI (Public Key Infrastructure) certificates, in particular x.509 certificates, and Certificate Authority"
+  unscoped: "A full description of TLS/SSL, PKI (Public Key Infrastructure) certificates, in particular x.509 certificates, and Certificate Authority"
   page: tutorial
-  prereq: "SSL as well as access to valid x.509 certificates"
+  prereq: "TLS/SSL as well as access to valid x.509 certificates"
 ---
 ref: security-prereq-configure-x509-member-authentication
 inherit:
   ref: _security-prereq
   file: extracts-security-prereq-base.yaml
 replacement:
-  unscoped: "A full description of SSL, PKI (Public Key Infrastructure) certificates, in particular x.509 certificates, and Certificate Authority"
+  unscoped: "A full description of TLS/SSL, PKI (Public Key Infrastructure) certificates, in particular x.509 certificates, and Certificate Authority"
   page: tutorial
-  prereq: "SSL as well as access to valid x.509 certificates"
+  prereq: "TLS/SSL as well as access to valid x.509 certificates"
 ...  

source/includes/fact-ssl-supported.rst

@@ -1,5 +1,5 @@
 .. versionchanged:: 3.0
 
-   Most MongoDB distributions now include support for SSL. See
-   :doc:`/tutorial/configure-ssl` for more information about SSL and
+   Most MongoDB distributions now include support for TLS/SSL. See
+   :doc:`/tutorial/configure-ssl` for more information about TLS/SSL and
    MongoDB.

source/includes/note-tls-ssl-terminology.rst

@@ -0,0 +1,4 @@
+.. note::
+
+   Although TLS is the successor to SSL, this page uses the more
+   familiar term SSL to refer to TLS/SSL.

source/includes/options-conf.yaml

@@ -794,7 +794,7 @@ description: |
 
      * - :ref:`MONGODB-X509 <security-auth-x509>`
 
-       - MongoDB SSL certificate authentication.
+       - MongoDB TLS/SSL certificate authentication.
 
      * - :ref:`GSSAPI <security-auth-kerberos>` (Kerberos)
 
@@ -1481,7 +1481,7 @@ description: |
   .. versionadded:: 3.0
 
   When {{role}} is ``true``, MongoDB disables the validation of the
-  hostnames in SSL certificates, allowing {{program}} to connect to
+  hostnames in TLS/SSL certificates, allowing {{program}} to connect to
   MongoDB instances if the hostname their certificates do not match the
   specified hostname.
 

source/includes/options-mongo.yaml

@@ -207,7 +207,7 @@ description: |
   .. versionadded:: 2.2
 
   Enables connection to a :program:`mongod` or :program:`mongos` that has
-  SSL support enabled.
+  TLS/SSL support enabled.
 
   .. include:: /includes/fact-ssl-supported.rst
 optional: true
@@ -219,7 +219,7 @@ directive: option
 description: |
   .. versionadded:: 2.4
 
-  Specifies the :file:`.pem` file that contains both the SSL certificate
+  Specifies the :file:`.pem` file that contains both the TLS/SSL certificate
   and key. Specify the file name of the :file:`.pem` file using relative
   or absolute paths.
 

source/includes/options-mongod.yaml

@@ -1182,9 +1182,9 @@ directive: option
 description: |
   .. deprecated:: 2.6
 
-  {{verb}} SSL for {{program}}.
+  {{verb}} TLS/SSL for {{program}}.
 
-  With {{role}}, a {{program}} requires SSL encryption for all
+  With {{role}}, a {{program}} requires TLS/SSL encryption for all
   connections on the default MongoDB port, or the port specified by
   :option:`--port`. By default, :option:`--sslOnNormalPorts` is
   disabled.
@@ -1201,7 +1201,7 @@ directive: option
 description: |
   .. versionadded:: 2.6
 
-  {{verb}} SSL or mixed SSL used for all network connections. The
+  {{verb}} TLS/SSL or mixed TLS/SSL used for all network connections. The
   argument to the {{role}} {{directive}} can be one of the following:
 
   .. list-table::
@@ -1214,21 +1214,21 @@ description: |
 
      * - ``disabled``
 
-       - The server does not use SSL.
+       - The server does not use TLS/SSL.
 
      * - ``allowSSL``
 
-       - Connections between servers do not use SSL. For incoming
-         connections, the server accepts both SSL and non-SSL.
+       - Connections between servers do not use TLS/SSL. For incoming
+         connections, the server accepts both TLS/SSL and non-TLS/non-SSL.
 
      * - ``preferSSL``
 
-       - Connections between servers use SSL. For incoming
-         connections, the server accepts both SSL and non-SSL.
+       - Connections between servers use TLS/SSL. For incoming
+         connections, the server accepts both TLS/SSL and non-TLS/non-SSL.
 
      * - ``requireSSL``
 
-       - The server uses and accepts only SSL encrypted connections.
+       - The server uses and accepts only TLS/SSL encrypted connections.
 
   .. include:: /includes/fact-ssl-supported.rst
 
@@ -1244,11 +1244,11 @@ directive: option
 description: |
   .. versionadded:: 2.2
 
-  {{intro}} :file:`.pem` file that contains both the SSL certificate
+  {{intro}} :file:`.pem` file that contains both the TLS/SSL certificate
   and key. Specify the file name of the :file:`.pem` file using relative
   or absolute paths.
 
-  You must specify {{role}} when SSL is enabled.
+  You must specify {{role}} when TLS/SSL is enabled.
 
   .. include:: /includes/fact-ssl-supported.rst
 optional: true
@@ -1362,7 +1362,7 @@ directive: option
 description: |
   .. versionadded:: 2.6
 
-  {{verb}} the validation checks for SSL certificates on other servers
+  {{verb}} the validation checks for TLS/SSL certificates on other servers
   in the cluster and allows the use of invalid certificates. 
   
   When using
@@ -1387,7 +1387,7 @@ pre: |
      {{old_name}}, but all users should
      update their configuration files.
 description: |
-  {{verb}} the requirement for SSL certificate validation that
+  {{verb}} the requirement for TLS/SSL certificate validation that
   {{sslCA_option}} enables. With the {{role}} option, the {{program}}
   will accept connections when the client does not present a certificate
   when establishing the connection.
@@ -1414,7 +1414,7 @@ directive: option
 description: |
   .. versionadded:: 3.0
 
-  Disables the validation of the hostnames in SSL certificates, when
+  Disables the validation of the hostnames in TLS/SSL certificates, when
   connecting to other {{program}} instances for inter-process
   authentication. This allows {{program}} to connect to other
   {{program}} instances if the hostnames in their certificates do not

source/includes/options-shared.yaml

@@ -120,7 +120,7 @@ description: |
   .. versionadded:: 2.6
 
   Enables connection to a :program:`mongod` or :program:`mongos` that has
-  SSL support enabled.
+  TLS/SSL support enabled.
 
   .. include:: /includes/fact-ssl-supported.rst
 optional: true
@@ -150,7 +150,7 @@ directive: option
 description: |
   .. versionadded:: 2.6
 
-  Specifies the :file:`.pem` file that contains both the SSL certificate
+  Specifies the :file:`.pem` file that contains both the TLS/SSL certificate
   and key. Specify the file name of the :file:`.pem` file using relative
   or absolute paths.
 
@@ -223,7 +223,7 @@ directive: option
 description: |
   .. versionadded:: 3.0
 
-  Disables the validation of the hostnames in SSL certificates. Allows
+  Disables the validation of the hostnames in TLS/SSL certificates. Allows
   {{program}} to connect to MongoDB instances if the hostname their
   certificates do not match the specified hostname.
 
@@ -323,7 +323,7 @@ description: |
 
      * - :ref:`MONGODB-X509 <security-auth-x509>`
 
-       - MongoDB SSL certificate authentication.
+       - MongoDB TLS/SSL certificate authentication.
 
      * - :ref:`GSSAPI <security-auth-kerberos>` (Kerberos)
 

source/includes/steps-authenticate-through-ldap.yaml

@@ -24,5 +24,5 @@ action:
     )
 post:
   The server forwards the password in plain text. In general, use only on
-  a trusted channel (VPN, SSL, trusted wired network).
+  a trusted channel (VPN, TLS/SSL, trusted wired network).
 ...

source/includes/steps-configure-ldap-mongodb.yaml

@@ -105,6 +105,6 @@ action:
     )
 post: |
   The server forwards the password in plain text. In general, use only on
-  a trusted channel (VPN, SSL, trusted wired network). See
+  a trusted channel (VPN, TLS/SSL, trusted wired network). See
   Considerations.
 ...

source/includes/steps-configure-ldap-saslauthd-openldap.yaml

@@ -30,7 +30,7 @@ action:
       The ``ldap_servers`` specifies the uri of the LDAP server used
       for authentication. In general, for OpenLDAP installed on the
       local machine, you can specify the value ``ldap://localhost:389``
-      or if using LDAP over SSL, you can specify the value
+      or if using LDAP over TLS/SSL, you can specify the value
       ``ldaps://localhost:636``.
 
       The ``ldap_search_base`` specifies distinguished name to which