@ -10,8 +10,8 @@ description: |-
|
|
|
|
|
|
|
|
|
|
|
|
Consul relies on both a lightweight gossip mechanism and an RPC system
|
|
|
|
Consul relies on both a lightweight gossip mechanism and an RPC system
|
|
|
|
to provide various features. Both of the systems have different security
|
|
|
|
to provide various features. Both of the systems have different security
|
|
|
|
mechanisms that stem from their designs. However, the goals
|
|
|
|
mechanisms that stem from their designs. However, the overall goal
|
|
|
|
of Consuls security are to provide [confidentiality, integrity and authentication](http://en.wikipedia.org/wiki/Information_security).
|
|
|
|
of Consul's security model is to provide [confidentiality, integrity and authentication](http://en.wikipedia.org/wiki/Information_security).
|
|
|
|
|
|
|
|
|
|
|
|
The [gossip protocol](/docs/internals/gossip.html) is powered by [Serf](http://www.serfdom.io/),
|
|
|
|
The [gossip protocol](/docs/internals/gossip.html) is powered by [Serf](http://www.serfdom.io/),
|
|
|
|
which uses a symmetric key, or shared secret, cryptosystem. There are more
|
|
|
|
which uses a symmetric key, or shared secret, cryptosystem. There are more
|
|
|
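Review bot: The copy-edit stops one sentence short. The unchanged line "to provide various features. Both of the systems have different security" still reads awkwardly next to the corrected "the overall goal of Consul's security model is to provide" wording. Since this paragraph is already being touched, consider "The two systems have different security mechanisms that stem from their designs." The link on the changed line also still points at `http://en.wikipedia.org/wiki/Information_security`. Switching it to `https://` while the line is being edited avoids sending readers of a security page over plaintext.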
@ -19,10 +19,11 @@ details on the security of [Serf here](http://www.serfdom.io/docs/internals/secu
|
|
|
|
|
|
|
|
|
|
|
|
The RPC system supports using end-to-end TLS, with optional client authentication.
|
|
|
|
The RPC system supports using end-to-end TLS, with optional client authentication.
|
|
|
|
[TLS](http://en.wikipedia.org/wiki/Transport_Layer_Security) is a widely deployed asymmetric
|
|
|
|
[TLS](http://en.wikipedia.org/wiki/Transport_Layer_Security) is a widely deployed asymmetric
|
|
|
|
cryptosystem, and is the foundation of security on the Internet.
|
|
|
|
cryptosystem, and is the foundation of security on the Web, as well as
|
|
|
|
|
|
|
|
some other critical parts of the Internet.
|
|
|
|
|
|
|
|
|
|
|
|
This means Consul communication is protected against eavesdropping, tampering,
|
|
|
|
This means Consul communication is protected against eavesdropping, tampering,
|
|
|
|
or spoofing. This makes it possible to run Consul over untrusted networks such
|
|
|
|
and spoofing. This makes it possible to run Consul over untrusted networks such
|
|
|
|
as EC2 and other shared hosting providers.
|
|
|
|
as EC2 and other shared hosting providers.
|
|
|
|
|
|
|
|
|
|
|
|
~> **Advanced Topic!** This page covers the technical details of
|
|
|
|
~> **Advanced Topic!** This page covers the technical details of
|
|
|
|
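Review bot: Changing "or spoofing" to "and spoofing" makes the sentence "This means Consul communication is protected against eavesdropping, tampering, and spoofing" an unconditional claim, but the first line of this same hunk says the RPC system only "supports using end-to-end TLS, with optional client authentication". A reader can take the paragraph to mean that a default deployment is safe on untrusted networks such as EC2. Suggest stating the condition, for example "When TLS and client authentication are enabled, Consul communication is protected against ...". Separately, "as well as some other critical parts of the Internet" is vague. Either name the parts meant or keep the sentence ending at "the Web".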