DOCSP-36306: OpenSSL link fix (#523)

* DOCSP-36306: OpenSSL link fix

Author: Chris Cho

source/fundamentals/connection/tls.txt

@@ -10,6 +10,13 @@ Enable TLS/SSL on a Connection
    :depth: 2
    :class: singlecol
 
+.. facet::
+   :name: genre
+   :values: tutorial
+
+.. meta::
+   :keywords: code example, security, connection options
+
 Overview
 --------
 
@@ -23,7 +30,7 @@ or `MongoClientSettings <{+api+}/apidocs/mongodb-driver-core/com/mongodb/MongoCl
 .. note:: Debugging TLS/SSL
 
    If you experience trouble setting up your TLS/SSL connection, you can
-   use the ``-Djavax.net.debug=all`` system property to view additional
+   use the ``-Djavax.net.debug=all`` system property to view more
    log statements. See `the Oracle guide to debugging TLS/SSL connections
    <https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/ReadDebug.html>`__
    for more information.
@@ -86,7 +93,7 @@ Configure Certificates
 
 Java applications that initiate TLS/SSL requests require access to
 cryptographic certificates that prove identity for the application
-itself as well as other applications with which the application
+itself and other applications with which the application
 interacts. You can configure access to these certificates in your application with
 the following mechanisms:
 
@@ -121,7 +128,7 @@ application is genuine and secure from tampering by third parties.
 If your MongoDB instance uses a certificate that is signed by an
 authority that is not present in the JRE's default certificate store,
 your application must configure two system properties to initiate
-SSL/TLS requests. These properties ensure that your application is able to
+SSL/TLS requests. These properties ensure that your application can
 validate the TLS/SSL certificate presented by a connected MongoDB instance.
 
 - ``javax.net.ssl.trustStore``: the path to a trust store containing the
@@ -145,8 +152,8 @@ Configure the JVM Key Store
 .. note::
 
    By default, MongoDB instances do not perform client certificate
-   validation. You only need to configure the key store if you explicitly
-   configured your MongoDB instance to validate client certificates.
+   validation. You must configure the key store if you configured your MongoDB
+   instance to validate client certificates.
 
 The JVM key store saves certificates that securely identify your Java
 application to other applications. Using these certificates, other
@@ -165,11 +172,11 @@ the MongoDB deployment:
 
 You can create a key store with the `keytool
 <https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html>`__
-or `openssl <https://www.openssl.org/docs/apps/openssl.html>`__ command
-line tools.
+or `openssl <https://www.openssl.org/docs/manmaster/man1/openssl.html>`__
+command line tool.
 
 For more information on configuring a Java application to use TLS/SSL,
-please refer to the `JSSE Reference Guide
+please see the `JSSE Reference Guide
 <https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html>`__.
 
 .. _tls-disable-hostname-verification:
@@ -192,7 +199,7 @@ Disable Hostname Verification
 
 By default, the driver ensures that the hostname included in the server's
 TLS/SSL certificates matches the hostnames provided when constructing
-a ``MongoClient``. If you need to disable hostname verification for your
+a ``MongoClient``. To disable hostname verification for your
 application, you can explicitly disable this by setting the
 ``invalidHostNameAllowed`` property of the builder to ``true`` in the
 ``applytoSslSettings()`` builder lambda:
@@ -210,7 +217,7 @@ application, you can explicitly disable this by setting the
 
    Disabling hostname verification can make your configuration
    `insecure <https://tlseminar.github.io/docs/mostdangerous.pdf>`__.
-   You should only disable hostname verification for testing purposes or
+   Disable hostname verification only for testing purposes or
    when there is no other alternative.
 
 .. _tls-restrict-tls-1.2:
@@ -223,17 +230,17 @@ To restrict your application to use only the TLS 1.2 protocol, set the
 
 .. note::
 
-   Java Runtime Environments (JREs) prior to Java 8 only enabled
+   Java Runtime Environments (JREs) before Java 8 only enabled
    the TLS 1.2 protocol in update releases. If your JRE has not enabled
-   the TLS 1.2 protocol, you may need to upgrade to a later release to
-   connect using TLS 1.2.
+   the TLS 1.2 protocol, upgrade to a later release to connect by using
+   TLS 1.2.
 
 .. _tls-custom-sslContext:
 
 Customize TLS/SSL Configuration through the Java SE SSLContext
 --------------------------------------------------------------
 
-If your TLS/SSL configuration requires additional customization, you can
+If your TLS/SSL configuration requires customization, you can
 set the ``sslContext`` property of your ``MongoClient`` by
 passing an `SSLContext
 <https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLContext.html>`__
@@ -297,7 +304,7 @@ Online Certificate Status Protocol (OCSP)
 
 OCSP is a standard used to check whether X.509 certificates have been
 revoked. A certificate authority can add an X.509 certificate to the
-Certificate Revocation List (CRL) prior to the expiry time to invalidate
+Certificate Revocation List (CRL) before the expiry time to invalidate
 the certificate. When a client sends an X.509 certificate during the TLS
 handshake, the CA's revocation server checks the CRL and returns a status
 of "good", "revoked", or "unknown".
@@ -371,7 +378,7 @@ properties:
        |
        | If unset or set to ``false``, the connection can proceed regardless of the presence or status of the certificate revocation response.
 
-For additional information about OCSP, check out the following resources:
+For more information about OCSP, check out the following resources:
 
 - Oracle JDK 8 Documentation on `how to enable OCSP for an application <https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/ocsp.html>`__
 - :rfc:`Official IETF specification for OCSP (RFC 6960) <6960>`