Encryption in transit
YugabyteDB can be configured to protect data in transit using the following:
- Server-server encryption for intra-node communication between YB-Master and YB-TServer nodes.
- Client-server for communication between clients and nodes when using CLIs, tools, and APIs for YSQL and YCQL.
YugabyteDB supports Transport Layer Security (TLS) encryption based on OpenSSL (v. 1.0.2u or later), an open source cryptography toolkit that provides an implementation of the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols.
Note: Client-server TLS encryption is not supported for YEDIS.
Follow the steps in this section to learn how to enable encryption using TLS for a three-node YugabyteDB cluster.