nodece commented on code in PR #17808: URL: https://github.com/apache/pulsar/pull/17808#discussion_r983212600
##########
site2/docs/security-tls-transport.md:
##########
@@ -475,46 +407,97 @@ brokerClientTlsKeyStore=/var/private/tls/client.keystore.jks brokerClientTlsKeyStorePassword=clientpw ``` -:::note +To disable non-TLS ports, you need to set the values of `brokerServicePort` and `webServicePort` to empty. -It is important to restrict access to the store files via filesystem permissions. +Optional settings: +1. `tlsRequireTrustedClientCertOnConnect=true`: Enable TLS authentication on both brokers and clients for mutual TLS. When enabled, it authenticates the other end of the communication channel.
Review Comment:
Add a new section to introduce this.

##########
site2/docs/security-tls-transport.md:
##########
@@ -475,46 +407,97 @@ brokerClientTlsKeyStore=/var/private/tls/client.keystore.jks brokerClientTlsKeyStorePassword=clientpw ``` -:::note +To disable non-TLS ports, you need to set the values of `brokerServicePort` and `webServicePort` to empty. -It is important to restrict access to the store files via filesystem permissions. +Optional settings: +1. `tlsRequireTrustedClientCertOnConnect=true`: Enable TLS authentication on both brokers and clients for mutual TLS. When enabled, it authenticates the other end of the communication channel.
Review Comment:
Add a new section to introduce this, it is important.
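Review bot: The hunk deletes the `:::note` that read "It is important to restrict access to the store files via filesystem permissions", while the context directly above it still documents a keystore path and a plain-text `brokerClientTlsKeyStorePassword`; keep that note, or move it next to the keystore settings, so the file-permission guidance is not lost. In the added item for `tlsRequireTrustedClientCertOnConnect=true`, "it authenticates the other end of the communication channel" does not say which side demands the certificate or what happens to a connection that presents none or an untrusted one; state both explicitly. For the added sentence on disabling non-TLS ports, "set the values ... to empty" would be clearer with the two literal lines shown as `brokerServicePort=` and `webServicePort=`.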
