This PR adds an option to the broker configuration ssl:boolean.
When ssl is set to true, SSL/TLS will be enabled like before when using a CA/Cert/Key. This allows one to enable SSL/TLS without having to specifically specifying the CA/Cert/Key, which I think is useful.
The Cert/Key are only used for client side authentication.
Configuring a CA would be more secure, but also requires more maintenance, because you might have to update it when the server changes its certificate. For most scenarios is safe enough to relay on the system wide trusted CAs, which is the default when using SSL/TLS without an explicit CA.
This PR adds an option to the broker configuration
ssl:boolean
.When
ssl
is set totrue
, SSL/TLS will be enabled like before when using a CA/Cert/Key. This allows one to enable SSL/TLS without having to specifically specifying the CA/Cert/Key, which I think is useful.The Cert/Key are only used for client side authentication. Configuring a CA would be more secure, but also requires more maintenance, because you might have to update it when the server changes its certificate. For most scenarios is safe enough to relay on the system wide trusted CAs, which is the default when using SSL/TLS without an explicit CA.