|
|
|
@ -71,9 +71,8 @@ present on all agents, set via the agent's `ca_file` option. All server nodes mu
|
|
|
|
appropriate key pair set using `cert_file` and `key_file`.
|
|
|
|
appropriate key pair set using `cert_file` and `key_file`.
|
|
|
|
|
|
|
|
|
|
|
|
If `verify_incoming` is set, the servers verify the authenticity of all incoming
|
|
|
|
If `verify_incoming` is set, the servers verify the authenticity of all incoming
|
|
|
|
connections. Servers will also disallow any non-TLS connections. All clients must have
|
|
|
|
connections. All clients must have a valid key pair set using `cert_file` and `key_file`. Servers will
|
|
|
|
a valid key pair set using `cert_file` and `key_file`. To force clients to use TLS,
|
|
|
|
also disallow any non-TLS connections. To force clients to use TLS, `verify_outgoing` must also be set.
|
|
|
|
`verify_outgoing` must also be set.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TLS is used to secure the RPC calls between agents, but gossip between nodes is done over UDP
|
|
|
|
TLS is used to secure the RPC calls between agents, but gossip between nodes is done over UDP
|
|
|
|
and is secured using a symmetric key. See above for enabling gossip encryption.
|
|
|
|
and is secured using a symmetric key. See above for enabling gossip encryption.
|
|
|
|
|
Ryan Breen
10 years ago