Memcached server specification (TLS/SSL) documentation
rusty-udemy opened this issue · 1 comments
I was unable to find any documentation on the wiki on the specification of downstream servers in the wiki, especially around SSL/TLS.
- https://github.com/facebook/mcrouter/wiki/SSL-Setup mentions how to set up for incoming connections (and is not linked to from https://github.com/facebook/mcrouter/wiki/Features#SSL-support
- https://github.com/facebook/mcrouter/wiki/Features#SSL-support only links to https://github.com/facebook/mcrouter/wiki/Command-line-options#ssl which enables incoming SSL connections
- All other memcached server specification examples (e.g. in https://github.com/facebook/mcrouter/blob/main/README.md or https://github.com/facebook/mcrouter/wiki/Sharded-pools-setup) just use the
host:portformat.
I had to do code spelunking to find
mcrouter/mcrouter/lib/network/AccessPoint.cpp
Line 168 in b8c1b6c
<host>:<port>[:<protocol>[:<encryption>[:<compressed>]]]
It would be good to have that format (along with the options for each - who knew that encryption could be ssl, fizz, ktls, tls_to_plain? What does each mean?)
SecurityMech class declared here:
mcrouter/mcrouter/lib/network/SecurityOptions.h
Line 19 in 4e08bf0
"plain" = SecurityMech::NONE
"ssl" = SecurityMech::TLS
"tls_to_plain" = SecurityMech::TLS_TO_PLAINTEXT
"fizz" = SecurityMech::TLS13_FIZZ
"ktls12" = SecurityMech::KTLS12
AccessPointTest.cpp file has an example of using extended parameters for the access point:
mcrouter/mcrouter/lib/network/test/AccessPointTest.cpp
Line 78 in 4e08bf0