Disabling TLS for testing

Update
Turns out it was disabling TLS but the fact that I’m not super familiar with Wireshark meant I was misinterpreting some of the data. I had to right click the packets > Decode As > then specifically tell WireShark to decode as MONGO packets. Previously WireShark was looking at this as generic TCP, and I just assumed it wasn’t providing any useful info due to TLS, however after explicitly telling WireShark what to look for in these packets I’m able to deconstruct everything more clearly.

Thanks!

Solved - Update above

I’m currently attempting to reproduce some odd client behaviour and would like to validate how the connection is both leaving by client and arriving at my test MongoDB instance. The debug logs I’ve been able to set have not provided much more insight to this, so as a next step I was hoping to observe this in a bidirectional packet capture.

The issue is, MongoDB and the client seem to be forcing TLS, rendering the PCAPs fairly useless.

The connection string used by the client is as follows:

mongodb://{{username}}:{{password}}@<ip-addr>:27017/?tls=false&authSource=<test-authSource>

I tried to edit the net parameter to disable TLS as well:

net:
  port: 27017
  bindIp: 0.0.0.0

  tls:
    mode: disabled

I’ve tried the above with both tls and ssl options.

However the packet captures show it’s still using TLS/SSL.

Mongo’s startup logs do tell me that TLS is disabled:

{"t":{"$date":"2023-09-17T07:46:06.849+00:00"},"s":"I",  "c":"CONTROL",  "id":21951,   "ctx":"initandlisten","msg":"Options set by command line","attr":{"options":{"config":"/etc/mongod.conf","net":{"bindIp":"0.0.0.0","port":27017,"tls":{"mode":"disabled"}},"processManagement":{"timeZoneInfo":"/usr/share/zoneinfo"},"security":{"authorization":"enabled"},"storage":{"dbPath":"/var/lib/mongodb"},"systemLog":{"destination":"file","logAppend":true,"path":"/var/log/mongodb/mongod.log"}}}}

"ctx":"listener","msg":"Waiting for connections","attr":{"port":27017,"ssl":"off"}

Any ideas what I might be doing wrong here? Is this by design, or am I missing something?

Do Line Comment in tls in mongod.conf file like below

 # tls:
 #  mode: disabled