DOCSP-7419 tls update (#2001) (#2005)

* DOCSP-7419-tls-update

* DOCSP-7419-tls-update

* DOCSP-7419-tls-update

* DOCSP-7419-tls-update

* DOCSP-7419-tls-update

* DOCSP-7419-tls-update

* DOCSP-7419-tls-update

* DOCSP-7419-tls-update

* DOCSP-7419-tls-update

* DOCSP-7419-tls-update

* DOCSP-7419-tls-update

* DOCSP-7419-tls-update

Co-authored-by: jason-price-mongodb <[email protected]>

Co-authored-by: jason-price-mongodb <[email protected]>

Author: jason-price-mongodb

source/includes/TLS-SSL-certificates.rst

@@ -0,0 +1,3 @@
+For clients that don't provide certificates, :binary:`~bin.mongod` or
+:binary:`~bin.mongos` encrypts the TLS/SSL connection, assuming the
+connection is successfully made.

source/reference/configuration-options.txt

@@ -1716,8 +1716,7 @@ Core Options
 
    .. versionadded:: 4.2
 
-   For clients that do not present certificates, :binary:`~bin.mongos` or :binary:`~bin.mongod` bypasses
-   TLS/SSL certificate validation when establishing the connection.
+   .. include:: /includes/TLS-SSL-certificates.rst
 
    For clients that present a certificate, however, :binary:`~bin.mongos` or :binary:`~bin.mongod` performs
    certificate validation using the root certificate chain specified by
@@ -2267,9 +2266,8 @@ Core Options
       Use :setting:`net.tls.allowConnectionsWithoutCertificates`
       instead.
 
-   For clients that do not present certificates, :binary:`~bin.mongos` or :binary:`~bin.mongod` bypasses
-   TLS/SSL certificate validation when establishing the connection.
-   
+   .. include:: /includes/TLS-SSL-certificates.rst
+
    For clients that present a certificate, however, :binary:`~bin.mongos` or :binary:`~bin.mongod` performs
    certificate validation using the root certificate chain specified by
    :setting:`~net.ssl.CAFile` and reject clients with invalid certificates.

source/reference/program/mongod.txt

@@ -2371,9 +2371,8 @@ TLS Options
 
    .. versionadded:: 4.2
 
-   For clients that do not present certificates, :program:`mongod` bypasses
-   TLS/SSL certificate validation when establishing the connection.
-   
+   .. include:: /includes/TLS-SSL-certificates.rst
+
    For clients that present a certificate, however, :program:`mongod` performs
    certificate validation using the root certificate chain specified by
    ``--tlsCAFile`` and reject clients with invalid certificates.
@@ -2852,8 +2851,7 @@ SSL Options (Deprecated)
       Use :option:`--tlsAllowConnectionsWithoutCertificates
       <mongod --tlsAllowConnectionsWithoutCertificates>` instead.
 
-   For clients that do not present certificates, :program:`mongod` bypasses
-   TLS/SSL certificate validation when establishing the connection.
+   .. include:: /includes/TLS-SSL-certificates.rst
 
    For clients that present a certificate, however, :program:`mongod` performs
    certificate validation using the root certificate chain specified by

source/reference/program/mongos.txt

@@ -995,9 +995,8 @@ TLS Options
 
    .. versionadded:: 4.2
 
-   For clients that do not present certificates, :program:`mongos` bypasses
-   TLS/SSL certificate validation when establishing the connection.
-   
+   .. include:: /includes/TLS-SSL-certificates.rst
+
    For clients that present a certificate, however, :program:`mongos` performs
    certificate validation using the root certificate chain specified by
    ``--tlsCAFile`` and reject clients with invalid certificates.
@@ -1406,8 +1405,7 @@ SSL Options (Deprecated)
       Use :option:`--tlsAllowConnectionsWithoutCertificates
       <mongos --tlsAllowConnectionsWithoutCertificates>` instead.
 
-   For clients that do not present certificates, :program:`mongos` bypasses
-   TLS/SSL certificate validation when establishing the connection.
+   .. include:: /includes/TLS-SSL-certificates.rst
 
    For clients that present a certificate, however, :program:`mongos` performs
    certificate validation using the root certificate chain specified by