|
| 1 | +<!--- |
| 2 | + Licensed to the Apache Software Foundation (ASF) under one or more |
| 3 | + contributor license agreements. See the NOTICE file distributed with |
| 4 | + this work for additional information regarding copyright ownership. |
| 5 | + The ASF licenses this file to You under the Apache License, Version 2.0 |
| 6 | + (the "License"); you may not use this file except in compliance with |
| 7 | + the License. You may obtain a copy of the License at |
| 8 | +
|
| 9 | + http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | +
|
| 11 | + Unless required by applicable law or agreed to in writing, software |
| 12 | + distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | + See the License for the specific language governing permissions and |
| 15 | + limitations under the License. |
| 16 | +--> |
| 17 | + |
| 18 | +# Security |
| 19 | + |
| 20 | +Raft is a consensus algorithm designed for fault tolerance. |
| 21 | +A basic assumption of Raft is that |
| 22 | + |
| 23 | +- the servers can trust each other. |
| 24 | + |
| 25 | +In contrast, Raft is not designed to solve the Byzantine Generals Problem, |
| 26 | +which assumes that some of the servers may be malicious. |
| 27 | + |
| 28 | +Apache Ratis is a Raft library |
| 29 | +which supports a pluggable transport. |
| 30 | +Applications using Ratis usually run a transport over a network. |
| 31 | +In such case, |
| 32 | +the applications must either provide secure communications between the servers |
| 33 | +or provide a safe network environment such as running the servers in a private network. |
| 34 | +Applications must not accept requests from any untrusted servers. |
| 35 | + |
| 36 | +Below are the TLS Configuration Parameters. |
| 37 | +Applications may use them to build `RaftServer`/`RaftClient` objects for establishing secure connections. |
| 38 | + |
| 39 | +| **Property** | **Description** | |
| 40 | +|:----------------------------------------|:----------------------------------| |
| 41 | +| `raft.grpc.tls.conf` | gRPC default TLS conf | |
| 42 | +| `raft.grpc.server.tls.conf` | gRPC server TLS conf | |
| 43 | +| `raft.grpc.client.tls.conf` | gRPC client TLS conf | |
| 44 | +| `raft.grpc.admin.tls.conf` | gRPC admin TLS conf | |
| 45 | +| `raft.netty.dataStream.server.tls.conf` | Netty data stream server TLS conf | |
| 46 | +| `raft.netty.dataStream.client.tls.conf` | Netty data stream client TLS conf | |
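Review bot: The requirement on line 34 ("Applications must not accept requests from any untrusted servers") is not tied to the TLS parameters listed from line 36 onward. TLS that authenticates only the server side encrypts the channel but does not keep an untrusted peer from connecting, so the text should say that peers must be authenticated (for example with mutual TLS) for these parameters to satisfy that requirement. The table descriptions on lines 41-46 only restate the key names; please document what kind of value each `*.tls.conf` parameter takes and how `raft.grpc.tls.conf` ("default") relates to the server, client and admin parameters when more than one is set. The trust assumption on line 23 names only servers, so it would help to state whether clients fall under the same assumption. Minor: "In such case" on line 31 should read "In such a case".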