SSL mode is set to ‘preferred’ and connection to remote is not using SSL


I have a cluster of 3 shard servers, 3 config servers and 1 mongos server in a dev environment. I would like to make TLS compulsory for communication between Mongo components and keep communication between applications and mongos non-TLS. So, I am enabling requireTLS mode on the shards and config servers only and preferTLS mode on the mongos server, so applications communicating with mongos will not need to provide any TLS certs. I have enabled the settings and the cluster is currently running fine in dev. But I am getting one log message in the mongos log. What does this mean? Is this technically right, requireTLS (mongod) + preferTLS (mongos)?

Log

SSL mode is set to ‘preferred’ and connection to remote is not using SSL


There is 1 answer

1
Wernfried Domscheit On BEST ANSWER

I had a look at my MongoDB; the log says:

{
   "t": { "$date": "2024-02-14T11:57:37.397+01:00" },
   "s": "I",
   "c": "NETWORK",
   "id": 23838,
   "ctx": "conn69",
   "msg": "SSL mode is set to 'preferred' and connection to remote is not using SSL.",
   "attr": {
      "connectionId": 69,
      "remote": "10.192.241.225:45516"
   }
}

But it is just informational ("s": "I"). And yes, the log message "connection to remote..." is a bit misleading. It would be better as "connection from remote" or "incoming connection".

Unless you are using x.509 certificates to authenticate the client, or net.tls.allowConnectionsWithoutCertificates: false, the net.tls.CAFile parameter is not needed.

On the other hand, setting net.tls.CAFile does not break anything.
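To see which clients are reaching a preferTLS mongos in plaintext, the entries with the id shown in the answer (23838) can be grouped by remote host. This is an added example, not code from the question or the answer; it assumes the structured JSON log format shown above with one entry per line, and the function names and sample lines are constructed for illustration.

```python
import json

NON_TLS_LOG_ID = 23838  # id of the log entry quoted in the answer


def remote_host(remote):
    """Strip the ephemeral port from 'host:port' (IPv6 arrives as '[addr]:port')."""
    host, _, _port = remote.rpartition(":")
    return host.strip("[]") or remote


def non_tls_clients(lines):
    """Map each client host to its plaintext-connection count and first/last log time."""
    clients = {}
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # non-JSON or truncated lines are skipped
        if not isinstance(entry, dict) or entry.get("id") != NON_TLS_LOG_ID:
            continue
        remote = (entry.get("attr") or {}).get("remote")
        if not remote:
            continue
        ts = (entry.get("t") or {}).get("$date", "")
        rec = clients.setdefault(remote_host(remote), {"count": 0, "first": ts})
        rec["count"] += 1
        rec["last"] = ts  # log files are chronological, so the latest line wins
    return clients


def _sample(ts, conn, remote, log_id=NON_TLS_LOG_ID):
    # Constructed test data in the shape of the entry shown in the answer.
    return json.dumps({"t": {"$date": ts}, "s": "I", "c": "NETWORK", "id": log_id,
                       "ctx": f"conn{conn}", "msg": "constructed sample",
                       "attr": {"connectionId": conn, "remote": remote}})


SAMPLE_LOG = [
    _sample("2024-02-14T11:57:37.397+01:00", 69, "10.192.241.225:45516"),
    _sample("2024-02-14T11:58:02.110+01:00", 70, "10.192.241.225:45620"),
    _sample("2024-02-14T11:58:40.004+01:00", 71, "10.0.0.7:51234"),
    _sample("2024-02-14T11:59:00.000+01:00", 72, "10.0.0.9:40000", log_id=0),  # placeholder id, ignored
    "not a JSON line",
]

if __name__ == "__main__":
    for host, rec in sorted(non_tls_clients(SAMPLE_LOG).items()):
        print(f"{host}\t{rec['count']}\t{rec['first']}\t{rec['last']}")
```

Hosts that belong to shards or config servers should not appear in the result when those components are set to requireTLS; application hosts are expected there as long as mongos stays on preferTLS.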