I saw the updates to the documentation on configuring SSL for the Windows Server (around 3.7.0 I guess). Does following the steps in the docs make the server require SSL to communicate with it? If not, is there a way configure Event Store so that non-encrypted communication attempts are rejected?
Does configuring the servers in this way also encrypt communications between nodes in a cluster, if that traffic is not already encrypted?
Internal vs external communications are configured separately.
There are two points on this.
1) gossip is still over http (eg just checking if nodes are alive).
There is a card to support https here.
2) there is a card up (not sure if its completed or not) to force only
ssl communications. I would need to check status
Cheers,
Greg
The card Greg mentioned in his second point has been completed
A new option, disable-insecure-tcp, to force ssl-only communications over TCP was added in this PR and will be in release 4.0.0.
This only covers TCP, though. HTTPS on gossip still needs to be done.