Encryption in transit
Enable encryption in transit (using TLS) to protect network communication.

YugabyteDB can be configured to protect data in transit with:

- [Server-server encryption](./server-to-server) for intra-node communication between YB-Master and YB-TServer nodes
- [Client-server](./client-to-server) for communication between clients and nodes when using CLIs, tools, and APIs for YSQL and YCQL

YugabyteDB supports [Transport Layer Security (TLS)](https://en.wikipedia.org/wiki/Transport_Layer_Security) encryption based on [OpenSSL](https://www.openssl.org), an open source cryptography toolkit that provides an implementation of the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols.

**Note:** Client-server TLS encryption is not supported for YEDIS.

Follow the steps in this section to learn how to enable encryption using TLS for a three-node YugabyteDB cluster.
Create server certificates
Create server certificates (using TLS) for protecting data in transit between YugabyteDB nodes.
Create client certificates
Create self-signed certificates to connect clients to YugabyteDB clusters.
Enable server-to-server encryption
Enable server-to-server encryption (using TLS) between YB-Master and YB-TServer nodes.
Enable client-to-server encryption
Enable client-to-server encryption (using TLS) for YSQL and YCQL.