Encryption in transit
YugabyteDB can be configured to protect data in transit with:
- Server-server encryption for intra-node communication between YB-Master and YB-TServer nodes
- Client-server for communication between clients and nodes when using CLIs, tools, and APIs for YSQL and YCQL
YugabyteDB supports Transport Layer Security (TLS) encryption based on OpenSSL , an open source cryptography toolkit that provides an implementation of the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols.
Note: Client-server TLS encryption is not supported for YEDIS.
Follow the steps in this section to learn how to enable encryption using TLS for a three-node YugabyteDB cluster.