DOCS-11363: clarify TLS

Author: kay-kim

source/administration/production-notes.txt

@@ -637,8 +637,8 @@ the MongoDB log:
 
 .. code-block:: none
 
-   <path to SSL libs>/libssl.so.<version>: no version information available (required by /usr/bin/mongod)
-   <path to SSL libs>/libcrypto.so.<version>: no version information available (required by /usr/bin/mongod)
+   <path to TLS/SSL libs>/libssl.so.<version>: no version information available (required by /usr/bin/mongod)
+   <path to TLS/SSL libs>/libcrypto.so.<version>: no version information available (required by /usr/bin/mongod)
 
 These warnings indicate that the system's TLS/SSL libraries are different
 from the TLS/SSL libraries that the :binary:`~bin.mongod` was compiled against.

source/core/security-transport-encryption.txt

@@ -19,17 +19,17 @@ MongoDB supports TLS/SSL (Transport Layer Security/Secure Sockets Layer)
 to encrypt all of MongoDB's network traffic. TLS/SSL ensures that MongoDB
 network traffic is only readable by the intended client.
 
-MongoDB TLS/SSL implementation uses OpenSSL libraries. MongoDB's SSL
-encryption only allows use of strong SSL ciphers with a minimum of
+MongoDB TLS/SSL implementation uses OpenSSL libraries. MongoDB's TLS/SSL
+encryption only allows use of strong TLS/SSL ciphers with a minimum of
 128-bit key length for all connections.
 
 Certificates
 ------------
 
-Before you can use SSL, you must have a :file:`.pem` file containing a
+Before you can use TLS/SSL, you must have a :file:`.pem` file containing a
 public key certificate and its associated private key.
 
-MongoDB can use any valid SSL certificate issued by a certificate
+MongoDB can use any valid TLS/SSL certificate issued by a certificate
 authority or a self-signed certificate. If you use a self-signed
 certificate, although the communications channel will be encrypted,
 there will be *no* validation of server identity. Although such a
@@ -43,7 +43,7 @@ For example, see :doc:`/tutorial/configure-ssl-clients`.
 Identity Verification
 ---------------------
 
-In addition to encrypting connections, SSL allows for authentication
+In addition to encrypting connections, TLS/SSL allows for authentication
 using certificates, both for :doc:`client authentication
 </core/authentication>` and for :doc:`internal authentication
 </core/security-internal-authentication>` of members of replica sets and

source/includes/extracts-mongo-ssl-options-base.yaml

@@ -19,7 +19,7 @@ content: |
 
    .. warning::
 
-      For SSL connections (``--ssl``) to :binary:`~bin.mongod` and
+      For TLS/SSL connections (``--ssl``) to :binary:`~bin.mongod` and
       :binary:`~bin.mongos`, if the {{program}} runs with the
       ``--sslAllowInvalidCertificates`` option , the {{program}} will
       not attempt to validate the server certificates. This creates a

source/includes/extracts-mongo-ssl-options.yaml

@@ -14,7 +14,7 @@ replacement:
   program: ":binary:`~bin.mongo`"
   instance: ":binary:`~bin.mongod` or :binary:`~bin.mongos`"
 post: |
-  If your MongoDB deployment uses SSL, you must also specify the ``--host`` option.
+  If your MongoDB deployment uses TLS/SSL, you must also specify the ``--host`` option.
   {{program}} verifies that the
   hostname of the {{instance}} to which you are connecting matches
   the CN or SAN of the {{instance}}'s ``--sslPEMKeyFile`` certificate.

source/includes/extracts-x509-certificate.yaml

@@ -95,7 +95,7 @@ content: |
 ref: x509-member-auth-configuration
 content: |
    To specify x.509 for internal authentication, in addition to the other
-   SSL configurations appropriate for your deployment, for each member of
+   TLS/SSL configurations appropriate for your deployment, for each member of
    the replica set or sharded cluster, include either:
 
    - :setting:`security.clusterAuthMode` and :setting:`net.ssl.clusterFile`

source/includes/fact-ssl-certificate-authorities.rst

@@ -1,6 +1,6 @@
 For production use, your MongoDB deployment should use valid certificates
 generated and signed by a single certificate authority. You or your
 organization can generate and maintain an independent certificate
-authority, or use certificates generated by a third-party SSL
+authority, or use certificates generated by a third-party TLS/SSL
 vendor. Obtaining and managing certificates is beyond the scope of
 this documentation.

source/includes/note-fips-is-enterprise-only.rst

@@ -1,4 +1,4 @@
-.. note:: FIPS-compatible SSL is
+.. note:: FIPS-compatible TLS/SSL is
    available only in `MongoDB Enterprise
    <http://www.mongodb.com/products/mongodb-enterprise?jmp=docs>`_. See
    :doc:`/tutorial/configure-fips` for more information.

source/includes/note-tls-ssl-terminology.rst

@@ -1,4 +1,3 @@
 .. note::
 
-   Although TLS is the successor to SSL, this page uses the more
-   familiar term SSL to refer to TLS/SSL.
+   TLS is the successor to SSL.

source/includes/options-mongo.yaml

@@ -79,8 +79,8 @@ description: |
   options. The  ``authSource`` and ``replicaSet`` options, if included in
   the connection string, will override any corresponding DNS-configured options 
   set in the TXT record. Use of the ``mongodb+srv:`` connection string implicitly
-  enables SSL (normally set with ``ssl=true``) for the client connection. The
-  SSL option can be turned off by setting ``ssl=false`` in the query string.
+  enables TLS/SSL (normally set with ``ssl=true``) for the client connection. The
+  TLS/SSL option can be turned off by setting ``ssl=false`` in the query string.
   
   Example:
   

source/includes/options-mongod.yaml

@@ -1416,7 +1416,7 @@ directive: option
 description: |
   .. versionadded:: 3.0.7
 
-  Prevents a MongoDB server running with SSL from accepting incoming
+  Prevents a MongoDB server running with TLS/SSL from accepting incoming
   connections that use a specific protocol or protocols. {{role}}
   recognizes the following protocols: ``TLS1_0``, ``TLS1_1``, and
   ``TLS1_2``. Specifying an unrecognized protocol will prevent the

source/includes/options-shared.yaml

@@ -146,7 +146,7 @@ description: |
 
   .. warning::
 
-     **Version 3.2 and earlier:** For SSL connections (``--ssl``) to
+     **Version 3.2 and earlier:** For TLS/SSL connections (``--ssl``) to
      :binary:`~bin.mongod` and :binary:`~bin.mongos`, if the {{program}} runs without the
      {{role}}, {{program}} will not attempt
      to validate the server certificates. This creates a vulnerability

source/includes/steps-starting-compass.yaml

@@ -20,8 +20,8 @@ action:
        - Kerberos
        - LDAP
 
-    d. SSL: Whether or not Compass should connect to the target host with SSL.
-       Several SSL options are available:
+    d. SSL: Whether or not Compass should connect to the target host with TLS/SSL.
+       Several TLS/SSL options are available:
 
        - Unvalidated: If this option is used, the server cerficiate is not
          validated and no client certificate will be provided. The server must be

source/release-notes/3.6.txt

@@ -828,7 +828,7 @@ Known Issues in 3.6.0
 - :issue:`TOOLS-1827`:
       When using a URI with SRV, fetched TXT records will be ignored if
       no query parameters are specified in the command line URI. To get
-      around this, explicitly specify the SSL setting used to
+      around this, explicitly specify the TLS/SSL setting used to
       communicate with the database (either ssl=true or ssl=false) in
       the URI query string.
 

source/tutorial/configure-ssl-clients.txt

@@ -25,8 +25,8 @@ Clients must have support for TLS/SSL to work with a :binary:`~bin.mongod` or a
 
 .. _mongo-shell-ssl-connect:
 
-``mongo`` Shell SSL Configuration
----------------------------------
+``mongo`` Shell Configuration
+-----------------------------
 
 .. note::
    The *Linux 64-bit legacy x64* builds of MongoDB do **not** include
@@ -38,7 +38,7 @@ settings, including:
 - :option:`--ssl <mongo --ssl>`
 
 - :option:`--sslPEMKeyFile <mongo --sslPEMKeyFile>` with the name of the
-  :file:`.pem` file that contains the SSL certificate and key.
+  :file:`.pem` file that contains the TLS/SSL certificate and key.
 
 - :option:`--sslPEMKeyPassword <mongo --sslPEMKeyPassword>` option if the
   client certificate-key file is encrypted.
@@ -50,15 +50,14 @@ settings, including:
 
 .. include:: /includes/extracts/clients-warning-sslCAFile.rst
 
-
-For a complete list of the :binary:`~bin.mongo` shell's SSL settings, see
+For a complete list of the :binary:`~bin.mongo` shell's TLS/SSL settings, see
 :ref:`mongo-shell-ssl`.
 
-Connect to MongoDB Instance with SSL Encryption
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Connect to MongoDB Instance Using Encryption
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 To connect to a :binary:`~bin.mongod` or :binary:`~bin.mongos` instance that
-requires :ref:`only a SSL encryption mode <ssl-mongod-ssl-cert-key>`,
+requires :ref:`encrypted communication <ssl-mongod-ssl-cert-key>`,
 start :binary:`~bin.mongo` shell with :option:`--ssl <mongo --ssl>` and
 include the :option:`--sslCAFile <mongo --sslCAFile>` to validate the
 server certificates.
@@ -118,12 +117,13 @@ connect to that :binary:`~bin.mongod`:
 |MMS| and Ops Manager Monitoring Agent
 --------------------------------------
 
-The |MMS| Monitoring agent will also have to connect via SSL in order to
-gather its statistics. Because the agent already utilizes SSL for its
-communications to the |MMS| servers, this is just a matter of enabling
-SSL support in |MMS| itself on a per host basis.
+The |MMS| and Ops Manager Monitoring agents will also have to use
+encrypted communication in order to gather its statistics. Because the
+agents already encrypted communications to the |MMS|/Ops Manager servers,
+this is just a matter of enabling TLS/SSL support in |MMS|/Ops Manager on a per
+host basis.
 
-See the |mms-docs| for more information about SSL
+See the |mms-docs| for more information about TLS/SSL
 configuration.
 
 For Ops Manager, see :opsmgr:`Ops Manager documentation </>`.
@@ -133,7 +133,7 @@ For Ops Manager, see :opsmgr:`Ops Manager documentation </>`.
 MongoDB Drivers
 ---------------
 
-The MongoDB Drivers support for connection to SSL enabled MongoDB. See:
+The MongoDB Drivers support encrypted communication. See:
 
 - `C Driver <http://api.mongodb.org/c/current/advanced-connections.html>`_
 - `C++ Driver <https://mongodb.github.io/mongo-cxx-driver/>`_
@@ -153,7 +153,7 @@ MongoDB Tools
 
 .. versionchanged:: 2.6
 
-Various MongoDB utility programs supports SSL. These tools include:
+Various MongoDB utility programs support encrypted communication. These tools include:
 
 - :binary:`~bin.mongodump`
 - :binary:`~bin.mongoexport`
@@ -163,5 +163,5 @@ Various MongoDB utility programs supports SSL. These tools include:
 - :binary:`~bin.mongostat`
 - :binary:`~bin.mongotop`
 
-To use SSL connections with these tools, use the same SSL options as
+To use encrypted communication with these tools, use the same TLS/SSL options as
 the :binary:`~bin.mongo` shell. See :ref:`mongo-shell-ssl-connect`.