momo-jun commented on code in PR #16924: URL: https://github.com/apache/pulsar/pull/16924#discussion_r936346988
########## site2/docs/security-tls-transport.md: ########## @@ -28,7 +28,7 @@ For TLS transport encryption, the clients can use the **trust cert** to verify t For TLS authentication, the server uses the **trust cert** to verify that the client has a key pair that the certificate authority signed. The common name of the **client cert** is then used as the client's role token (see [Overview](security-overview.md)). -`Bouncy Castle Provider` provides cipher suites and algorithms in Pulsar. If you need [FIPS](https://www.bouncycastle.org/fips_faq.html) version of `Bouncy Castle Provider`, please reference [Bouncy Castle page](security-bouncy-castle.md). +In Pulsar, we are using [netty-tcnative](https://github.com/netty/netty-tcnative) and [Conscrypt](https://github.com/google/conscrypt) as security provider. We have two format certificates, Java KeyStore(JKS) and CAcerts. When using the JKS, we choose the Conscrypt, this applies to Broker service and Web service. When using the CAcerts on the broker service, we choose the netty-tcnative, which includes two implementations, OpenSSL and JDK, which default to OpenSSL, when the OpenSSL is unavailable, we switch to the JDK. Review Comment: ```suggestion Pulsar use [netty-tcnative](https://github.com/netty/netty-tcnative) and [Conscrypt](https://github.com/google/conscrypt) as security providers. There are two certificate formats: * Java KeyStore(JKS): When using JKS, you can choose Conscrypt, which applies to both broker service and Web service. * CAcerts: When using CAcerts for broker service, you can choose netty-tcnative, which includes two implementations, OpenSSL (default) and JDK. When OpenSSL is unavailable, JDK is used. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
