From 84308f68d55223d594838e8b75fa93eb40051b5b Mon Sep 17 00:00:00 2001 From: Matthias Hanel Date: Wed, 18 Nov 2020 17:57:03 -0500 Subject: [PATCH] clarify insecure This is the go documentation of the value that this configuration sets // InsecureSkipVerify controls whether a client verifies the // server's certificate chain and host name. // If InsecureSkipVerify is true, TLS accepts any certificate // presented by the server and any host name in that certificate. // In this mode, TLS is susceptible to man-in-the-middle attacks. // This should be used only for testing. InsecureSkipVerify bool --- nats-server/configuration/securing_nats/tls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nats-server/configuration/securing_nats/tls.md b/nats-server/configuration/securing_nats/tls.md index 68d47c0..d31b2a9 100644 --- a/nats-server/configuration/securing_nats/tls.md +++ b/nats-server/configuration/securing_nats/tls.md 
@@ -9,7 +9,7 @@ The NATS server uses modern TLS semantics to encrypt client, route, and monitori | `ca_file` | TLS [certificate authority file](tls.md#certificate-authorities). When not present, default to the system trust store. | | `cipher_suites` | When set, only the specified TLS cipher suites will be allowed. Values must match the golang version used to build the server. | | `curve_preferences` | List of TLS cipher curves to use in order. | -| `insecure` | Skip certificate verification. **NOT Recommended** | +| `insecure` | Skip certificate verification. This only applies to outgoing connections, NOT incoming client connections. **NOT Recommended** | | `timeout` | TLS handshake [timeout](tls.md#tls-timeout) in fractional seconds. Default set to `0.5` seconds. | | `verify` | If `true`, require and [verify](auth_intro/tls_mutual_auth.md#validating-a-client-certificate) client certificates. To support use by Browser, this option does not apply to monitoring. | | `verify_and_map` | If `true`, require and verify client certificates and [map](auth_intro/tls_mutual_auth.md#mapping-client-certificates-to-a-user) certificate values for authentication purposes. Does not apply to monitoring either. |
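Review bot: The new `insecure` row says the setting applies to "outgoing connections, NOT incoming client connections" but does not say which outgoing connections those are, so a reader cannot tell which `tls` blocks it affects. The table's intro sentence lists client, route, and monitoring connections; the row should name the connection kinds where the server acts as the TLS client. The commit message quotes the Go documentation for `InsecureSkipVerify` (TLS accepts any certificate presented by the server and any host name in it, is susceptible to man-in-the-middle attacks, and should be used only for testing), yet none of that reaches the row, which still ends with a bare "**NOT Recommended**". Suggest carrying the consequence into the text, for example: "Skip verification of the remote server's certificate chain and host name on outgoing connections; any certificate is accepted, which allows man-in-the-middle attacks. Use only for testing." It would also help to state that setting `insecure` has no effect on `verify` and `verify_and_map`, which sit in the same table and govern verification of incoming client certificates, so operators do not read it as a switch that disables client certificate checks. Minor style point: the row now has two all-caps "NOT"s; dropping the first emphasis keeps the warning readable.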