TLS: Some redis.conf clarifications.

2025-01-22 08:08:53 -05:00 · 2020-02-05 18:30:12 +02:00 · 2020-02-05 18:30:12 +02:00 · 1e02d599dc
commit 1e02d599dc
parent 44ac202fbf
1 changed files with 10 additions and 11 deletions
--- a/redis.conf
+++ b/redis.conf
@ -155,23 +155,22 @@ tcp-keepalive 300
 # tls-ca-cert-file ca.crt
 # tls-ca-cert-dir /etc/ssl/certs

-# If TLS/SSL clients are required to authenticate using a client side
-# certificate, use this directive.
+# By default, clients (including replica servers) on a TLS port are required
+# to authenticate using valid client side certificates.
 #
-# Note: this applies to all incoming clients, including replicas.
+# It is possible to disable authentication using this directive.
 #
-# tls-auth-clients yes
+# tls-auth-clients no

-# If TLS/SSL should be used when connecting as a replica to a master, enable
-# this configuration directive:
+# By default, a Redis replica does not attempt to establish a TLS connection
+# with its master.
+#
+# Use the following directive to enable TLS on replication links.
 #
 # tls-replication yes

-# If TLS/SSL should be used for the Redis Cluster bus, enable this configuration
-# directive.
-#
-# NOTE: If TLS/SSL is enabled for Cluster Bus, mutual authentication is always
-# enforced.
+# By default, the Redis Cluster bus uses a plain TCP connection. To enable
+# TLS for the bus protocol, use the following directive:
 #
 # tls-cluster yes