A new failover.ssl configuration section can be used to provide SSL
client parameters for the failover coordinator. These parameters are
used for outgoing IPROTO connections to instances when the instance URI
has `params.transport: ssl`.
Options:
failover.ssl
SSL parameters used by the failover coordinator to connect to instances
over IPROTO when SSL is enabled.
failover.ssl.ssl_ca_file (Optional)
A path to a trusted certificate authority (CA) file used to verify the
instance certificate. If not set, the coordinator doesn't verify the
instance certificate.
failover.ssl.ssl_cert_file (Optional)
A path to the client SSL certificate file used by the coordinator.
Required if instances are configured to require a client certificate
(mTLS).
failover.ssl.ssl_key_file (Optional)
A path to the client private SSL key file used by the coordinator.
Required if ssl_cert_file is set.
failover.ssl.ssl_ciphers (Optional)
A colon-separated (:) list of SSL cipher suites the connection can use.
failover.ssl.ssl_password (Optional)
A password for an encrypted private SSL key provided using
ssl_key_file. Alternatively, the password can be provided in
ssl_password_file.
failover.ssl.ssl_password_file (Optional)
A path to a text file with one or more passwords for encrypted private
SSL keys provided using ssl_key_file (each on a separate line).
Example:
```yaml
failover:
  ssl:
    ssl_ca_file: './certs/rootCA.pem'
    ssl_cert_file: './certs/coordinator.crt'
    ssl_key_file: './certs/coordinator.key'
    # Optional:
    # ssl_ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:...'
    # ssl_password: 'secret'
    # ssl_password_file: './certs/key_passwords.txt'
```
Requested by @Godrik0 in https://github.com/tarantool/tarantool-ee/commit/558a5399199095eddf21d85f72cec94090c65d65.
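An added example (not part of the original request and not Tarantool code): a Python check that applies the option rules above to a `failover.ssl` section already parsed into a dict. The function name, severity labels, owner-only file-mode policy and weak-cipher substrings are assumptions of this example.

```python
import os
import stat

# Substrings marking weak suites in an OpenSSL-style cipher list (this example's policy).
WEAK_TOKENS = ("NULL", "EXP", "RC4", "MD5", "DES", "ADH")
SECRET_OPTS = ("ssl_key_file", "ssl_password_file")
FILE_OPTS = ("ssl_ca_file", "ssl_cert_file") + SECRET_OPTS


def lint_failover_ssl(config, base_dir="."):
    """Return (severity, message) findings for config['failover']['ssl']."""
    ssl = (config.get("failover") or {}).get("ssl") or {}
    out = []
    if not ssl.get("ssl_ca_file"):
        out.append(("high", "ssl_ca_file not set: instance certificate is not verified"))
    if ssl.get("ssl_cert_file") and not ssl.get("ssl_key_file"):
        out.append(("high", "ssl_cert_file is set but ssl_key_file is missing"))
    if ssl.get("ssl_password"):
        out.append(("medium", "key password is inline; prefer ssl_password_file"))
    # Referenced files must exist; key and password files must be owner-only.
    for opt in FILE_OPTS:
        path = ssl.get(opt)
        if not path:
            continue
        full = os.path.join(base_dir, path)
        if not os.path.isfile(full):
            out.append(("high", f"{opt}: {path} not found"))
        elif opt in SECRET_OPTS:
            mode = stat.S_IMODE(os.stat(full).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                out.append(("medium", f"{opt}: mode {mode:o} allows group/other access"))
    # Entries prefixed with '!' or '-' remove suites, so they are skipped.
    for entry in (ssl.get("ssl_ciphers") or "").split(":"):
        if entry and entry[0] not in "!-" and any(t in entry.upper() for t in WEAK_TOKENS):
            out.append(("medium", f"ssl_ciphers: weak suite selector {entry!r}"))
    return out


if __name__ == "__main__":
    # Constructed sample: client certificate without key, no CA, inline password.
    sample = {"failover": {"ssl": {
        "ssl_cert_file": "./certs/coordinator.crt",
        "ssl_password": "secret",
        "ssl_ciphers": "RC4-SHA:ECDHE-RSA-AES256-GCM-SHA384",
    }}}
    for severity, message in lint_failover_ssl(sample):
        print(severity, message)
```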