Adding information about port 7688 neo4j#917 (neo4j#923)

lidiazuin · web-flow · commit c2f9341afc98 · 2023-07-21T17:11:04.000+02:00
Cherry-picked from neo4j#917
diff --git a/modules/ROOT/pages/security/ssl-framework.adoc b/modules/ROOT/pages/security/ssl-framework.adoc
@@ -7,7 +7,7 @@ The SSL framework provides support for securing the following Neo4j communicatio
 
 * `bolt` (port - `7687`)
 * `https` (port - `7473`)
-* `cluster` (ports - `5000`, `6000`, and `7000`)
+* `cluster` (ports - `5000`, `6000`, `7000`, and `7688`)
 * `backups` (port - `6362`)
 
 [[ssl-providers]]
@@ -192,11 +192,14 @@ Each policy needs to be explicitly enabled by setting:
 [[ssl-bolt-config]]
 === Configure SSL over Bolt
 
-Bolt protocol is based on the link:https://neo4j.com/docs/bolt/current/packstream/[PackStream serialization] and supports the Cypher type system, protocol versioning, authentication, and TLS via certificates. 
-For Neo4j clusters, Bolt provides smart client routing with load balancing and failover. 
-Bolt connector is used by Cypher Shell, Neo4j Browser, and by the officially supported language drivers. 
-Bolt connector is enabled by default but its encryption is disabled. 
-To enable the encryption over Bolt, create the folder structure and place the key file and the certificates under those. 
+Bolt protocol is based on the link:https://neo4j.com/docs/bolt/current/packstream/[PackStream serialization] and supports the Cypher type system, protocol versioning, authentication, and TLS via certificates.
+For Neo4j clusters, Bolt provides smart client routing with load balancing and failover.
+When server side routing is enabled, an additional Bolt port is open on `7688`.
+It can be used only within the cluster and with all the same settings as the external Bolt port.
+
+Bolt connector is used by Cypher Shell, Neo4j Browser, and by the officially supported language drivers.
+Bolt connector is enabled by default but its encryption is disabled.
+To enable the encryption over Bolt, create the folder structure and place the key file and the certificates under those.
 Then, you need to configure the SSL Bolt policies in the _neo4j.conf_ file.
 
 . Enable the Bolt connector to enable SSL over Bolt:
@@ -571,14 +574,15 @@ openssl s_client -connect my_domain.com:7473
 === Configure SSL for intra-cluster communications
 
 Intra-cluster encryption is the security solution for the cluster communication.
-The Neo4j cluster communicates on 3 ports:
+The Neo4j cluster communicates on 4 ports:
 
 * 5000 - Discovery management
 * 6000 - Transactions
 * 7000 - Raft communications
- 
-To set up intra-cluster encryption, on each server create the folder structure and place the key file and the certificates under those. 
-Then, you need to configure the SSL cluster policies in the _neo4j.conf_ file and test that the intra-cluster communication is encrypted. 
+* 7688 - Server side routing
+
+To set up intra-cluster encryption, on each server create the folder structure and place the key file and the certificates under those.
+Then, you need to configure the SSL cluster policies in the _neo4j.conf_ file and test that the intra-cluster communication is encrypted.
 
 . Set up the _cluster_ folder under _certificates_.
 .. Create a directory _cluster_ under_<neo4j-home>/certificates_ folder:
