From ed0fdc49e19c6d8cd27c3fa92741a9f09a39e741 Mon Sep 17 00:00:00 2001 From: Darius Maitia Date: Tue, 28 May 2024 10:36:30 +0200 Subject: [PATCH] doc(tls): TLS with scouting & protocol whitelisting --- content/docs/manual/tls.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/content/docs/manual/tls.md b/content/docs/manual/tls.md index 4da0e635..182b218c 100644 --- a/content/docs/manual/tls.md +++ b/content/docs/manual/tls.md @@ -104,6 +104,28 @@ Let's assume that the above configurations are then saved with the name _peer.js --- +## TLS with Scouting :warning: + +Zenoh provides a [scouting mechanism](../../getting-started/deployment/#scouting) that allows peers to discover other neighboring peers automatically. + +By default, this feature is enabled and attempts to establish connections with other peers **using all Zenoh-supported protocols** (not just TLS). + +To ensure that all connections are established using TLS, you can configure the protocols filter as shown below: + +```json +{ + "transport": { + "link": { + "protocols": ["tls"] + } + } +} +``` + +The `protocols` configuration field specifies which protocols Zenoh should whitelist for accepting and opening sessions. If this field is not configured, Zenoh will automatically whitelist all supported protocols. + +--- + ## Mutual authentication (mTLS) In order to enable mutual authentication, we'll need two sets of keys and certificates, one for the "server" and one for the "client". These sets of keys and certificates can be generated as explained [in the appendix section below](#appendix-tls-certificates-creation).
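Review bot: the new "TLS with Scouting" section should state what happens when a `listen` or `connect` endpoint in the same configuration uses a protocol that is not in the `protocols` whitelist (ignored, or a startup error?), because that is exactly the case a reader applying this filter will hit, and a silently ignored `tcp/...` endpoint versus a hard failure is the difference between a noticeable misconfiguration and an unnoticed one. The sentence "To ensure that all connections are established using TLS" would also benefit from spelling out the threat this addresses: without the filter, a peer discovered through scouting can be reached over plain `tcp`, so the TLS setup described above the hunk does not by itself cover scouted peers. Two smaller points: the `:warning:` emoji inside the `##` heading becomes part of the generated anchor and reads oddly in a table of contents; consider a plain heading with the warning as the first paragraph, and add a one-line note that the filter restricts which transports sessions are opened and accepted on, not the scouting discovery traffic itself, so readers do not assume multicast discovery is now encrypted.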