Clarify TiProxy TLS docs and wording

hfxsd · hfxsd · commit fce5583d5fb0 · 2026-03-20T10:57:23.000+08:00
Update English and Chinese TLS docs for TiProxy: clarify TiProxyCertLayout options (recommend v1), consolidate and rephrase the certificate-layout explanation, and adjust the wording around TLS settings and default TLS secret usage (including comma/punctuation fixes). Also normalize Chinese punctuation/spacing for the mTLS note and tidy related bullets.
diff --git a/en/enable-tls-for-mysql-client.md b/en/enable-tls-for-mysql-client.md
@@ -731,14 +731,12 @@ SHOW GLOBAL STATUS LIKE 'Ssl\_server\_not\_%';
 
 ## TiProxy
 
-When using TiProxy in front of a set of TiDB servers you also need to configure TLS for it.
+When using TiProxy in front of a set of TiDB servers you also need to configure TLS for it. Depending on the `TiProxyCertLayout` a different certificate layout is chosen:
 
-Depending on the `TiProxyCertLayout` a different certificate layout is chosen:
+- not set: the legacy layout.
+- `v1`: the version one of the layout (recommended).
 
-- not set: This is the legacy layout.
-- `v1`: This is version one of the layout. This is recommended.
-
-There are TLS settings for these components of TiProxy:
+The following are TLS settings for these components of TiProxy:
 
 - `security.cluster-tls`: used to interface with other hosts in the cluster both as server and client (mTLS).
 - `security.server-tls`: used for serving MySQL protocol access on port 6000.
@@ -747,9 +745,9 @@ There are TLS settings for these components of TiProxy:
 
 See also [the security section of the configuration](https://docs.pingcap.com/tidb/stable/tiproxy-configuration/#security).
 
-TiProxy will try to use the TLS secret from TiDB for client/server connections by default. If you do this make sure these certificates also contain the hostname of the TiProxy hosts.
+TiProxy will try to use the TLS secret from TiDB for client/server connections by default. If you do this, make sure these certificates also contain the hostname of the TiProxy hosts.
 
-Other settings that influence this:
+Other settings that influence this include:
 
 - `tlsCluster.enabled`
 - `tlsClient.enabled`
diff --git a/zh/enable-tls-for-mysql-client.md b/zh/enable-tls-for-mysql-client.md
@@ -738,16 +738,14 @@ SHOW GLOBAL STATUS LIKE 'Ssl\_server\_not\_%';
 
 ## TiProxy
 
-当在一组 TiDB 服务器前使用 TiProxy 时，也需要为 TiProxy 配置 TLS。
-
-根据 `TiProxyCertLayout` 的不同，会选择不同的证书布局：
+当在一组 TiDB 服务器前使用 TiProxy 时，也需要为 TiProxy 配置 TLS。根据 `TiProxyCertLayout` 的不同，会选择不同的证书布局：
 
 - 未设置：使用旧版布局。
 - `v1`：使用第一版布局。推荐使用该版本。
 
 TiProxy 的以下组件提供了 TLS 配置项：
 
-- `security.cluster-tls`：用于与集群中的其他主机通信，同时作为服务端和客户端使用（mTLS）。
+- `security.cluster-tls`：用于与集群中的其他主机通信，同时作为服务端和客户端使用 (mTLS)。
 - `security.server-tls`：用于在 6000 端口提供 MySQL 协议访问服务。
 - `security.sql-tls`：用于作为客户端访问 TiDB。
 - `security.server-http-tls`：用于在 3080 端口提供 HTTP 服务。
