34 lines
703 B
Markdown
34 lines
703 B
Markdown
# ADR 011 - TLS communication
|
|
|
|
## Date
|
|
|
|
- Mar/06/2026
|
|
- First documentation
|
|
|
|
## Status
|
|
|
|
- Accepted
|
|
|
|
## Context
|
|
|
|
- To make administrational policy simple
|
|
- Set the principle of TLS communication boundry
|
|
|
|
## Considerations
|
|
|
|
### Apply mTLS
|
|
|
|
- implementing mTLS needs both client certificate and server certificate
|
|
- Managing a number of certificates makes a huge operational burden (expiry date, revocation, etc ..)
|
|
|
|
## Decisions
|
|
|
|
- Set TLS for all communication except 'lo' interface
|
|
- When it is possible to activate TLS, apply it even in 'lo' interface
|
|
|
|
## Consequences
|
|
|
|
- The policy is set simple
|
|
- The overhead is increased little
|
|
- Exclude the exceptions on operation (For the administrator)
|