nodece commented on code in PR #16924: URL: https://github.com/apache/pulsar/pull/16924#discussion_r936534757
########## site2/docs/security-tls-transport.md: ########## @@ -28,7 +28,7 @@ For TLS transport encryption, the clients can use the **trust cert** to verify t For TLS authentication, the server uses the **trust cert** to verify that the client has a key pair that the certificate authority signed. The common name of the **client cert** is then used as the client's role token (see [Overview](security-overview.md)). -`Bouncy Castle Provider` provides cipher suites and algorithms in Pulsar. If you need [FIPS](https://www.bouncycastle.org/fips_faq.html) version of `Bouncy Castle Provider`, please reference [Bouncy Castle page](security-bouncy-castle.md). +In Pulsar, we are using [netty-tcnative](https://github.com/netty/netty-tcnative) and [Conscrypt](https://github.com/google/conscrypt) as security provider. We have two format certificates, Java KeyStore(JKS) and CAcerts. When using the JKS, we choose the Conscrypt, this applies to Broker service and Web service. When using the CAcerts on the broker service, we choose the netty-tcnative, which includes two implementations, OpenSSL and JDK, which default to OpenSSL, when the OpenSSL is unavailable, we switch to the JDK. Review Comment: @momo-jun Thanks! Done. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
