
MongoDB TLS transport encryption check


Is there any easy option besides tcpdump to find out whether the application-to-MongoDB connection is encrypted (TLS/SSL) without having access to the server's mongodb.conf configuration files?

Maybe some connection configuration value that can be checked from inside the instance?


Solution

  • As far as I can tell, the current answer to this question is "no".

    This feels like the type of thing that could be reported by commands like connectionStatus or connPoolStats, so it may be worth opening a feature request.

    Some TLS information is captured in the log file by default when client connections are established. You mentioned that you don't have access to the configuration files so I'm assuming that you don't have direct access to the logs either. However, there is a getLog command that can be used from a MongoDB shell session to pull some of this information. Starting an instance in preferTLS mode, connecting via the shell (without TLS), and issuing that command yielded the following:

    test> db.adminCommand({getLog:"global"})
    {
      totalLinesWritten: 47,
      log: [
        ...
        '{"t":{"$date":"2022-10-24T10:42:40.262-05:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"127.0.0.1:48134","uuid":"a5816945-d689-42e8-989b-f19e62bf65e7","connectionId":4,"connectionCount":4}}\n',
        `{"t":{"$date":"2022-10-24T10:42:40.264-05:00"},"s":"I",  "c":"NETWORK",  "id":23838,   "ctx":"conn4","msg":"SSL mode is set to 'preferred' and connection to remote is not using SSL.","attr":{"connectionId":4,"remote":"127.0.0.1:48134"}}\n`, 
        ...
      ],
      ok: 1
    }
    

    Reformatting the second log line shown:

    {
      t: { '$date': '2022-10-24T10:42:40.264-05:00' },
      s: 'I',
      c: 'NETWORK',
      id: 23838,
      ctx: 'conn4',
      msg: "SSL mode is set to 'preferred' and connection to remote is not using SSL.",
      attr: { connectionId: 4, remote: '127.0.0.1:48134' }
    }
    

    The above reports that conn4 is not using SSL.
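As an added example (not the answer author's code), the check the answer performs by eye, applied programmatically to the `log` array returned by `db.adminCommand({getLog:"global"})`. It assumes a server in preferTLS mode as in the answer, relies only on the two log ids shown there (22943 and 23838), and runs on constructed sample lines; conn5 is invented.

```python
import json

# Log ids taken from the getLog output in the answer above:
#   22943 = "Connection accepted" (one per new client connection)
#   23838 = "SSL mode is set to 'preferred' and connection to remote is not using SSL."
ID_CONNECTION_ACCEPTED = 22943
ID_NOT_USING_SSL = 23838

# Constructed sample in the shape of the `log` array returned by
# db.adminCommand({getLog: "global"}). conn4 is copied from the answer;
# conn5 (10.0.0.7:51022) is an invented second client with no plaintext warning.
SAMPLE_LOG = [
    '{"t":{"$date":"2022-10-24T10:42:40.262-05:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"127.0.0.1:48134","uuid":"a5816945-d689-42e8-989b-f19e62bf65e7","connectionId":4,"connectionCount":4}}\n',
    '{"t":{"$date":"2022-10-24T10:42:40.264-05:00"},"s":"I","c":"NETWORK","id":23838,"ctx":"conn4","msg":"SSL mode is set to \'preferred\' and connection to remote is not using SSL.","attr":{"connectionId":4,"remote":"127.0.0.1:48134"}}\n',
    '{"t":{"$date":"2022-10-24T10:43:01.100-05:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"10.0.0.7:51022","uuid":"00000000-0000-4000-8000-000000000001","connectionId":5,"connectionCount":5}}\n',
]


def classify_connections(log_lines):
    """Map connectionId -> {"remote": host:port, "plaintext": True | None}.

    Only log id 23838 is positive evidence that a connection is unencrypted.
    A connection with no such line gets plaintext=None ("no warning seen"),
    not False: the answer shows no log line that positively confirms TLS.
    """
    result = {}
    for raw in log_lines:
        raw = raw.strip()
        if not raw.startswith("{"):
            continue  # skip anything that is not a structured JSON log line
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # truncated or malformed line; ignore rather than crash
        if entry.get("id") not in (ID_CONNECTION_ACCEPTED, ID_NOT_USING_SSL):
            continue
        attr = entry.get("attr") or {}
        cid = attr.get("connectionId")
        if cid is None:
            continue
        info = result.setdefault(cid, {"remote": attr.get("remote"), "plaintext": None})
        if entry.get("id") == ID_NOT_USING_SSL:
            info["plaintext"] = True  # server explicitly logged a non-TLS connection
    return result


def plaintext_connections(log_lines):
    """Sorted connectionIds the server reported as not using TLS."""
    return sorted(cid for cid, info in classify_connections(log_lines).items()
                  if info["plaintext"])


if __name__ == "__main__":
    for cid, info in sorted(classify_connections(SAMPLE_LOG).items()):
        status = "NOT using TLS" if info["plaintext"] else "no plaintext warning logged"
        print(f"conn{cid} {info['remote']}: {status}")
```

To run it against a live deployment, paste the `log` array from getLog in place of SAMPLE_LOG; getLog only returns the most recent 1024 events, so connections opened before those rotated out of the buffer will not appear.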