mongodb
diff --git a/‎docs/guide/tutorials/connect/authentication.txt
Lines changed: 14 additions & 20 deletions b/‎docs/guide/tutorials/connect/authentication.txt
Lines changed: 14 additions & 20 deletions
diff --git a/‎docs/guide/tutorials/connect/connect.txt
Lines changed: 4 additions & 9 deletions b/‎docs/guide/tutorials/connect/connect.txt
Lines changed: 4 additions & 9 deletions
diff --git a/‎docs/guide/tutorials/connect/tls.txt
Lines changed: 48 additions & 88 deletions b/‎docs/guide/tutorials/connect/tls.txt
Lines changed: 48 additions & 88 deletions
diff --git a/‎docs/reference/content/index.md
Lines changed: 1 addition & 1 deletion b/‎docs/reference/content/index.md
Lines changed: 1 addition & 1 deletion
@@ -26,10 +26,10 @@ In the following example, the connection string specifies the user ``dave``\ , p
 
    // Connection URL
    const url = `mongodb://${user}:${password}@localhost:27017/?authMechanism=${authMechanism}`;
-   
+
    // Create a new MongoClient
    const client = new MongoClient(url);
-   
+
    // Function to connect to the server
    async function run() {
      try {
@@ -41,7 +41,7 @@ In the following example, the connection string specifies the user ``dave``\ , p
        await client.close();
      }
    }
-   
+
    // Runs your code
    run();
 
@@ -78,7 +78,7 @@ In the following example, the connection string specifies the user ``dave``\ , p
        await client.close();
      }
    }
-   
+
    // Runs your code
    run();
 
@@ -115,7 +115,7 @@ In the following example, the connection string specifies the user ``dave``\ , p
        await client.close();
      }
    }
-   
+
    // Runs your code
    run();
 
@@ -153,7 +153,7 @@ In the following example, the connection string specifies the user ``dave``\ , p
        await client.close();
      }
    }
-   
+
    // Runs your code
    run();
 
@@ -163,11 +163,11 @@ In the following example, the connection string specifies the user ``dave``\ , p
 X509
 ----
 
-With  :manual:`X.509 </core/security-x.509>` mechanism, MongoDB uses the X.509 certificate presented during SSL negotiation to authenticate a user whose name is derived from the distinguished name of the X.509 certificate.
+With  :manual:`X.509 </core/security-x.509>` mechanism, MongoDB uses the X.509 certificate presented during TLS negotiation to authenticate a user whose name is derived from the distinguished name of the X.509 certificate.
 
-X.509 authentication requires the use of SSL connections with certificate validation and is available in MongoDB 2.6 and newer.
+X.509 authentication requires the use of TLS connections with certificate validation and is available in MongoDB 2.6 and newer.
 
-To connect using the X.509 authentication mechanism, specify ``MONGODB-X509`` as the mechanism in the :manual:`URI ConnectionString </reference/connection-string/>` , ``ssl=true``\ , and the username. Use ``enodeURIComponent`` to encode the username string.
+To connect using the X.509 authentication mechanism, specify ``MONGODB-X509`` as the mechanism in the :manual:`URI ConnectionString </reference/connection-string/>` , ``tls=true``\ , and the username. Use ``enodeURIComponent`` to encode the username string.
 
 In addition to the connection string, pass to the new ``MongoClient`` a connections options for the ``server`` with the X.509 certificate and other :doc:`TLS/SSL connections </tutorials/connect/tls>` options.
 
@@ -176,19 +176,13 @@ In addition to the connection string, pass to the new ``MongoClient`` a connecti
    const { MongoClient } = require('mongodb');
    const fs = require('fs');
 
-   // Read the cert and key
-   const cert = fs.readFileSync(`${__dirname}/ssl/x509/client.pem`);
-   const key = fs.readFileSync(`${__dirname}/ssl/x509/client.pem`);
-
    // User name
    const userName = encodeURIComponent('CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US');
-   const url = `mongodb://${userName}:${password}@server:27017?authMechanism=MONGODB-X509&ssl=true`;
+   const url = `mongodb://${userName}:${password}@server:27017?authMechanism=MONGODB-X509&tls=true`;
 
    // Create a new MongoClient
    const client = new MongoClient(url, {
-     sslKey: key,
-     sslCert: cert,
-     sslValidate: false
+     tlsCertificateKeyFile: `${__dirname}/certs/x509/client.pem`,
    });
 
    // Function to connect to the server
@@ -202,7 +196,7 @@ In addition to the connection string, pass to the new ``MongoClient`` a connecti
        await client.close();
      }
    }
-   
+
    // Runs your code
    run();
 
@@ -244,7 +238,7 @@ The following example connects to MongoDB using Kerberos for UNIX.
        await client.close();
      }
    }
-   
+
    // Runs your code
    run();
 
@@ -284,7 +278,7 @@ To connect using the LDAP authentication mechanism, specify ``authMechanism=PLAI
        await client.close();
      }
    }
-   
+
    // Runs your code
    run();
 
 
@@ -29,7 +29,7 @@ To connect to a :manual:`replica set </core/replication-introduction/>` ,
 include a seedlist of replica set members and the name of the replica set in the
 :manual:`URI connection string </reference/connection-string/>` .
 
-In the following example, the connection string specifies two of the replica set members running on ``localhost:27017`` and ``localhost:27018`` and the name of the replica set (\ ``foo``\ ). 
+In the following example, the connection string specifies two of the replica set members running on ``localhost:27017`` and ``localhost:27018`` and the name of the replica set (\ ``foo``\ ).
 
 .. literalinclude:: /includes/connect-to-replicaset.js
    :language: js
@@ -62,18 +62,13 @@ For example, you can specify TLS/SSL and authentication setting.
    const { MongoClient } = require('mongodb');
    const fs = require('fs');
 
-     // Read the certificate authority
-   const ca = [fs.readFileSync(`${__dirname} + /ssl/ca.pem`)];
-   const cert = fs.readFileSync(`${__dirname} + /ssl/client.pem`);
-
    // Connection URL
-   const url = 'mongodb://dave:password@localhost:27017?authMechanism=DEFAULT&authSource=db&ssl=true';
+   const url = 'mongodb://dave:password@localhost:27017?authMechanism=DEFAULT&authSource=db&tls=true';
 
    // Create a client, passing in additional options
    const client = new MongoClient(url,  {
-     sslValidate: true,
-     sslCA: ca,
-     sslCert: cert
+     tlsCAFile: path.resolve(__dirname + '/certs/ca.pem'),
+     tlsCertificateKeyFile: `${__dirname}/certs/client.pem`
    });
 
    // Function to connect to the server
 
@@ -7,14 +7,14 @@ The Node.js driver supports TLS/SSL connections to MongoDB that support TLS/SSL
 No Certificate Validation
 -------------------------
 
-If the MongoDB instance does not perform any validation of the certificate chain, include the ``ssl=true`` in the :manual:`URI ConnectionString </reference/connection-string/>` .
+If the MongoDB instance does not perform any validation of the certificate chain, include the ``tls=true`` in the :manual:`URI ConnectionString </reference/connection-string/>` .
 
 .. code-block:: js
 
    const { MongoClient } = require('mongodb');
 
    // Connection URL
-   const url = 'mongodb://localhost:27017?ssl=true';
+   const url = 'mongodb://localhost:27017?tls=true';
 
    // Create a new MongoClient
    const client = new MongoClient(url);
@@ -39,54 +39,38 @@ Validate Server Certificate
 
 If the MongoDB instance presents a certificate, to validate the server's certificate, pass the following when creating a ``MongoClient``\ :
 
-* A :manual:`URI ConnectionString </reference/connection-string/>` that includes ``ssl=true`` setting,
+* A :manual:`URI ConnectionString </reference/connection-string/>` that includes ``tls=true`` setting,
 
-* A connections options with the certificate for the Certificate Authority (\ ``sslCA``\ ) and the ``sslValidate`` setting set to ``true``
+* A connections options with the certificate for the Certificate Authority (\ ``tlsCAFile``\ )
 
 .. code-block:: js
 
    const { MongoClient } = require('mongodb');
-   const fs = require('fs');
-
-   // Connection URL
-   const url = 'mongodb://localhost:27017?ssl=true';
 
-   // Read the certificate authority
-   const sslCA = [fs.readFileSync(`${__dirname}/ssl/ca.pem`)];
-
-   const client = new MongoClient(url, {
-     sslValidate: true,
-     sslCA
+   const client = new MongoClient('mongodb://localhost:27017?tls=true', {
+    tlsCAFile: `${__dirname}/certs/ca.pem`)
    });
 
 Disable Hostname Verification
 -----------------------------
 
 By default, the driver ensures that the hostname included in the
-server's SSL certificate(s) matches the hostname(s) provided in the URI connection string. If you need to disable the hostname verification, but otherwise validate the server's certificate, pass to the new ``MongoClient``\ :
+server's TLS certificate(s) matches the hostname(s) provided in the URI connection string. If you need to disable the hostname verification, but otherwise validate the server's certificate, pass to the new ``MongoClient``\ :
 
 
-* 
-  A :manual:`URI ConnectionString </reference/connection-string/>` that includes ``ssl=true`` setting,
+*
+  A :manual:`URI ConnectionString </reference/connection-string/>` that includes ``tls=true`` setting,
 
-* 
-  A connections options with the certificate for the Certificate Authority (\ ``sslCA``\ ) and the ``sslValidate`` setting set to ``true`` but  ``checkServerIdentity`` set to ``false``.
+*
+  A connections options with the certificate for the Certificate Authority (\ ``tlsCAFile``\ ) but  ``tlsAllowInvalidHostnames`` set to ``true``.
 
 .. code-block:: js
 
    const { MongoClient } = require('mongodb');
-   const fs = require('fs');
 
-   // Connection URL
-   const url = 'mongodb://localhost:27017?ssl=true';
-
-   // Read the certificate authority
-   const sslCA = [fs.readFileSync(`${__dirname}/ssl/ca.pem`)];
-
-   const client = new MongoClient(url, {
-     sslValidate: true,
-     checkServerIdentity: false,
-     sslCA
+   const client = new MongoClient('mongodb://localhost:27017?tls=true', {
+    tlsCAFile: `${__dirname}/certs/ca.pem`),
+    tlsAllowInvalidHostnames: true
    });
 
 Validate Server Certificate and Present Valid Certificate
@@ -96,61 +80,41 @@ If the MongoDB server performs certificate validation, the client must pass its
 certificate to the server. To pass the client's certificate as well as to validate the server's certificate, pass to the new ``MongoClient``\ :
 
 
-* 
-  A :manual:`URI ConnectionString </reference/connection-string/>` that includes ``ssl=true`` setting,
+*
+  A :manual:`URI ConnectionString </reference/connection-string/>` that includes ``tls=true`` setting,
 
-* 
-  A connections options with the ``sslValidate`` setting set to ``true``\ , the certificate for the Certificate Authority (\ ``sslCA``\ ), the client's certificate (\ ``sslCert``\ ) and private key file (\ ``sslKey``\ ).  If the client's key file is encrypted, include the password (\ ``sslPass``\ ).
+*
+  A connections options with the certificate for the Certificate Authority (\ ``tlsCAFile``\ ), the client's certificate (\ ``tlsCertificateKeyFile``\ ).  If the client's key file is encrypted, include the password (\ ``tlsCertificateKeyFilePassword``\ ).
 
 .. code-block:: js
 
    const { MongoClient } = require('mongodb');
    const fs = require('fs');
 
-   // Connection URL
-   const url = 'mongodb://localhost:27017?ssl=true';
-
-   // Read the certificates
-   const sslCA = [fs.readFileSync(`${__dirname}/ssl/ca.pem`)];
-   const sslCert = fs.readFileSync(`${__dirname}/ssl/client.pem`);
-   const sslKey = fs.readFileSync(`${__dirname}/ssl/client.pem`);
-
-   const client = new MongoClient(url, {
-     sslValidate: true,
-     sslCA,
-     sslCert,
-     sslKey,
-     sslPass: '10gen'
+   const client = new MongoClient('mongodb://localhost:27017?tls=true', {
+     tlsCAFile: `${__dirname}/certs/ca.pem`),
+     tlsCertificateKeyFile: `${__dirname}/certs/client.pem`,
+     tlsCertificateKeyFilePassword: '10gen'
    });
 
 Connect with X.509
 ------------------
 
-:manual:`X.509 </core/security-x.509>` authentication requires the use of TLS/SSL connections with certificate validation. MongoDB uses the X.509 certificate presented during SSL negotiation to authenticate a user whose name is derived from the distinguished name of the X.509 certificate.
+:manual:`X.509 </core/security-x.509>` authentication requires the use of TLS/SSL connections with certificate validation. MongoDB uses the X.509 certificate presented during TLS negotiation to authenticate a user whose name is derived from the distinguished name of the X.509 certificate.
 
-To connect using the X.509 authentication mechanism, specify ``MONGODB-X509`` as the mechanism in the :manual:`URI ConnectionString </reference/connection-string/>` , ``ssl=true``\ , and the username. Use ``enodeURIComponent`` to encode the username string.
+To connect using the X.509 authentication mechanism, specify ``MONGODB-X509`` as the mechanism in the :manual:`URI ConnectionString </reference/connection-string/>` , ``tls=true``\ , and the username. Use ``enodeURIComponent`` to encode the username string.
 
 In addition to the connection string, pass to the new ``MongoClient``
 a connections options with  the X.509 certificate and other :doc:`TLS/SSL connections </tutorials/connect/tls>` options.
 
 .. code-block:: js
 
    const { MongoClient } = require('mongodb');
-   const fs = require('fs');
 
-   // User name
    const userName = 'CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US';
-
-   // Connection URL
-   const url = `mongodb://${encodeURIComponent(userName)}@server:27017?authMechanism=MONGODB-X509&ssl=true`;
-
-   // Read the cert and key
-   const sslCert = fs.readFileSync(`${__dirname}/ssl/x509/client.pem`);
-   const sslKey = fs.readFileSync(`${__dirname}/ssl/x509/client.pem`);
-
+   const url = `mongodb://${encodeURIComponent(userName)}@server:27017?authMechanism=MONGODB-X509&tls=true`;
    const client = new MongoClient(url, {
-     sslCert,
-     sslKey
+     tlsCertificateKeyFile: `${__dirname}/certs/x509/client.pem`
    });
 
 TLS/SSL Options
@@ -165,35 +129,31 @@ The following TLS/SSL options are available.
      - Type
      - Default
      - Description
-   * - ``ssl``
+   * - ``tls``
      - boolean
      - ``false``
-     - Use tls/ssl connection. See :manual:`tls </reference/connection-string/#urioption.tls>`
-   * - ``sslValidate``
+     - Use TLS connections.
+   * - ``tlsInsecure``
      - boolean
      - ``false``
-     - Validate mongod server certificate against ca. Is equivalent to :manual:`tlsInsecure </reference/connection-string/#urioption.tlsInsecure>`
-   * - ``sslCA``
-     - Buffer[]|string[]
-     - 
-     - Array of valid certificates for Certificate Authority either as Buffers or Strings.
-   * - ``sslCRL``
-     - Buffer[]|string[]
-     - 
-     -  Certificate Revocation Lists. See `tls.createSecureContext <https://nodejs.org/dist/latest-v10.x/docs/api/tls.html#tls_tls_createsecurecontext_options>`_
-   * - ``sslCert``
-     - Buffer|string
-     - 
-     - String or buffer containing the client certificate.
-   * - ``sslKey``
-     - Buffer|string
-     - 
-     - String or buffer containing the certificate private key we wish to present
-   * - ``sslPass``
+     - 	Relax TLS constraints as much as possible (e.g. allowing invalid certificates or hostname mismatches); drivers must document the exact constraints which are relaxed by this option being true
+   * - ``tlsCAFile``
+     - string[]
+     -
+     - Path to file with either a single or bundle of certificate authorities to be considered trusted when making a TLS connection
+   * - ``tlsCertificateKeyFile``
+     - string
+     -
+     - Path to the client certificate file or the client private key file; in the case that they both are needed, the files should be concatenated
+   * - ``tlsCertificateKeyFilePassword``
      - Buffer|string
-     - 
+     -
      - String or buffer containing the client certificate password.
-   * - ``checkServerIdentity``
-     - function/boolean
-     - true
-     - If a function, overrides built-in `tls.checkServerIdentity <https://nodejs.org/dist/latest-v10.x/docs/api/tls.html#tls_tls_checkserveridentity_hostname_cert>`_. See `tls.connect <https://nodejs.org/dist/latest-v10.x/docs/api/tls.html#tls_tls_connect_options_callback>`_. If ``false``, automatically verifies all certificates and servernames.
+   * - ``tlsAllowInvalidCertificates``
+     - boolean
+     - false
+     - Specifies whether or not the driver should error when the server’s TLS certificate is invalid
+   * - ``tlsAllowInvalidHostnames``
+     - boolean
+     - false
+     - Specifies whether or not the driver should error when there is a mismatch between the server’s hostname and the hostname specified by the TLS certificate
@@ -39,7 +39,7 @@ If you'd like to use the MongoDB driver with ESNext features such as Promises an
 
 Advanced features for the driver.
 
-* [SSL]({{< relref "tutorials/connect/ssl.md" >}})
+* [TLS]({{< relref "tutorials/connect/tls.md" >}})
 * [Logging]({{< relref "reference/management/logging.md" >}})
 * [APM]({{< relref "reference/management/apm.md" >}})
 * [Topology monitoring]({{< relref "reference/management/sdam-monitoring.md" >}})