DOCS-12051 add setParameter tlsWithholdClientCertificate

Isabella Siu · kay-kim · commit 197dedc68807 · 2018-11-07T13:00:39.000-05:00
diff --git a/source/reference/parameters.txt b/source/reference/parameters.txt
@@ -277,6 +277,53 @@ Authentication Parameters
 
       db.adminCommand( { setParameter: 1, sslMode: "preferSSL" } )
 
+.. parameter:: tlsWithholdClientCertificate
+
+   *Default*: false
+ 
+   .. versionadded:: 4.2
+
+   |both|
+
+   A TLS certificate is set for a :binary:`mongod <bin.mongod>` or
+   :binary:`mongos <bin.mongos>` either by the
+   :option:`--tlsClusterFile <mongod --tlsClusterFile>` option or by the
+   :option:`--tlsPEMKeyFile <mongod --tlsPEMKeyFile>` option when
+   :option:`--tlsClusterFile <mongod --tlsClusterFile>` is not set. If the TLS
+   certificate is set, by default, the instance sends the certificate when
+   initiating intra-cluster communications with other
+   :binary:`mongod <bin.mongod>` or :binary:`mongos <bin.mongos>` instances in
+   the deployment. Set ``tlsWithholdClientCertificate`` to ``1`` or ``true`` to
+   direct the instance to withhold sending its TLS certificate during these
+   communications. Use this option with
+   :option:`--tlsAllowConnectionsWithoutCertificates <mongod --tlsAllowConnectionsWithoutCertificates>`
+   (to allow inbound connections without certificates) on all members of the
+   deployment. ``tlsWithholdClientCertificate`` is mutually exclusive with
+   :option:`--clusterAuthMode x509 <mongod --clusterAuthMode>`.
+
+.. parameter:: sslWithholdClientCertificate
+
+   *Default*: false
+ 
+   .. deprecated:: 4.2 Use :parameter:`tlsWithholdClientCertificate` instead.
+
+   |both|
+  
+   A TLS certificate is set for a :binary:`mongod <bin.mongod>` or
+   :binary:`mongos <bin.mongos>` either by the
+   :option:`--tlsClusterFile <mongod --tlsClusterFile>` option or by the
+   :option:`--tlsPEMKeyFile <mongod --tlsPEMKeyFile>` option when
+   :option:`--tlsClusterFile <mongod --tlsClusterFile>` is not set. If the TLS
+   certificate is set, by default, the instance sends the certificate when
+   initiating intra-cluster communications with other
+   :binary:`mongod <bin.mongod>` or :binary:`mongos <bin.mongos>` instances in
+   the deployment. Set ``sslWithholdClientCertificate`` to ``1`` or ``true`` to
+   direct the instance to withhold sending its TLS certificate during these
+   communications. Use this option with
+   :option:`--tlsAllowConnectionsWithoutCertificates <mongod --tlsAllowConnectionsWithoutCertificates>`
+   (to allow inbound connections without certificates) on all members of the
+   deployment. ``sslWithholdClientCertificate`` is mutually exclusive with
+   :option:`--clusterAuthMode x509 <mongod --clusterAuthMode>`.
 
 .. parameter:: userCacheInvalidationIntervalSecs
 
