TiKV: How to define what connections have to use TLS encryption?

In Cassandra there is a configuration option

internode_encryption: dc

That enforces encryption between different DCs only.
Is there such an option in TiKV?

Thanks

Do you need this: Enable TLS Between TiDB Clients and Servers | PingCAP Docs?


Thanks, quite similar, but no.
It is encryption between TiDB and the client. I do not use TiDB. I use TiKV only.
(We had a service that used RocksDB and we would like to modify it to use TiKV. The TiKV API is quite similar to RocksDB.)

I need encryption between TiKV and client.

Maybe this explains what you need?


Thanks. I read that. It seems to turn on encryption between any service. So services running in the same rack would have to encrypt data.

Cassandra’s

internode_encryption: dc

enables encryption between datacenters only. Nodes in the same rack would not encrypt data, data between racks would not be encrypted.

That config option can take the following values in Cassandra:

  • all - Encrypt all internode communications.
  • none - No encryption.
  • dc - Encrypt the traffic between the datacenters.
  • rack - Encrypt the traffic between the racks.

Yes, what TiDB offers is basically ‘all’ or ‘none’. However, if you have two clusters in two DCs, both with ‘none’, you could use TiCDC to replicate between them over a secure channel, but that’s outside of TiKV.


It is the answer I was looking for. Thank you.