memgraph / memgraph

Open-source graph database, tuned for dynamic analytics environments. Easy to adopt, scale and own.
https://memgraph.com

Add SSL encryption & authentication between main and replicas #1232

Open ikto-art opened 1 year ago

ikto-art commented 1 year ago

Unless I missed something somewhere, it seems the code of Memgraph in its current state is doing unauthenticated and unencrypted connections to its replicas but would be capable of doing client & server TLS encryption and mutual authentication, allowing the use of distant replicas with ASYNC without cloud firewalls or virtual private networks. It seems in the code that the Cypher query ignores the SSL optional config and sets it to null by default, without any means to configure it further. Also, the docs never mention the kind of protocol used between main and replicas, if it is either TCP or UDP and if it supports SSL or not.

Are Memgraph replicas only supposed to be run in the same private local network as the main server? For me, it defeats the purpose of having a distant replica not affected by anything happening in the region of the main server, like Azure CosmosDB having a read-only secondary region. Something like Nebula would do the trick for now since there is also a lack of DNS resolution, but I'm surprised it's not mentioned in the docs or implemented since the code to support it seems to be there already.

DavIvek commented 6 months ago

@ikto-art Thank you for opening an issue. Currently, there is no encryption implemented for communication between the main and replica. We are actively working on improving high availability and are prioritizing this area.