zergduan opened a new issue, #4527: URL: https://github.com/apache/rocketmq/issues/4527
**FEATURE REQUEST**

1. Please describe the feature you are requesting.

Based on the document https://github.com/apache/rocketmq/blob/e05b098327d0781362121c65e1c9445c0cb0684b/docs/cn/Configuration_TLS.md, I have a few questions:

a. In RocketMQ 4.9.2 and later, does TLS have to be configured with mutual authentication? Is it possible to do server-side authentication only?

b. Section 3.2 of the document says: edit runbroker.sh and add the following to JAVA_OPT:

```
JAVA_OPT="${JAVA_OPT} -Dorg.apache.rocketmq.remoting.ssl.mode=enforcing -Dtls.config.file=/opt/rocketmq-4.9.3/conf/tls.properties -Dtls.enable=true"
```

I could not find anything in the source code that corresponds to the org.apache.rocketmq.remoting.ssl.mode parameter. Is it written incorrectly?

c. In the document, the tls.server.need.client.auth parameter controls whether client authentication is required (that is, whether mutual authentication is enabled), is that right? Then what are the tls.server.authClient and tls.client.authServer parameters used for?

d. tls.client.authServer seems somewhat contradictory. In the document this parameter is set to false on the broker and namesrv (in the tls.properties file), but it is set to true on the producer and consumer (in the JAVA_OPT environment variable). Why is that?

e. If I follow the document, will client authentication also be performed for the interaction between broker and namesrv? For example, when the broker reports its own status to namesrv, is that also TLS-encrypted communication? When the broker reports to namesrv, the broker acts as a client and its certificate also has to be verified by namesrv, is that right?

f. After following the steps in the document, how should rocketmq-dashboard be configured so that it can manage the RocketMQ cluster normally?

2. Provide any additional detail on your proposed use case for this feature.

2. Indicate the importance of this issue to you (blocker, must-have, should-have, nice-to-have). Are you currently using any workarounds to address this issue?

4. If there are some sub-tasks involved, use -[] for each sub-task and create a corresponding issue to map to the sub-task:

- [sub-task1-issue-number](example_sub_issue1_link_here): sub-task1 description here,
- [sub-task2-issue-number](example_sub_issue2_link_here): sub-task2 description here,
- ...

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
