Encryption at rest uses a second WiredTiger database to store encryption keys to the standard MongoDB databases. Without modification, the wiredtiger_open call of this second database in 3.6 will upgrade WT's file compatibility to 3.0. A shutdown on FCV 3.4 would require changing the compatibility back to 2.9.

One option is to never upgrade this inner wiredtiger instance to 3.0 and keep it on 2.9. The bug fixed in WT's journal is unlikely to happen on this keystore database.

Alternatively, this keystore could run in "no journal" mode and require a checkpoint to make writes durable.

Another edge case to consider is that key rotation does an early shutdown of the `mongod` process. This happens before the FCV value is read from the `admin.system.version` collection. This leaves storage engine cleanup in a state where it does not know what version the file compatibility should be set to. It may make sense for key rotation to always use file compatibility 2.9. Alternatively WiredTiger can expose a method for keeping the file compatibility the same instead of auto-upgrading.