SSL/TLS encrypted connections

The following sections explain how to set up encrypted communications between P4 servers (commit/replica/edge), brokers, proxies, and clients.

For any given P4 Server, proxy, or broker, SSL/TLS encryption is an all-or-nothing option: if a P4 Server is configured to use SSL/TLS (presumably for security reasons), all P4 Server applications must be configured to use SSL/TLS. Conversely, if a P4 Server is configured to accept plaintext connections (either for performance reasons or for backwards compatibility), all client applications must connect in plaintext. However, if an intermediary (such as a proxy or a broker) sits between the client and the P4 Server, it is possible for one leg of the communication to be encrypted and the following leg not. For more information, see SSL/TLS in a mixed environment.

For SSL/TLS encrypted connections in a deployment with replicas or commit-edge architecture, see Create commit and edge server configurations, which includes trust file configuration for service users.
