MXS-2483: Update documentation and release notes

Updated documentation on how servers with TLS are created.

Documentation/Reference/MaxAdmin.md

@@ -1456,9 +1456,8 @@ You can alter server parameters with the `alter server` command. Any changes to
 the address or port of the server will take effect for new connections
 only. Changes to other parameters will take effect immediately.
 
-Please note that in order for SSL to be enabled for a created server, all of the
+Please note that SSL cannot be enabled via MaxAdmin in MaxScale 2.4. Please use
-required SSL parameters (`ssl`, `ssl_key`, `ssl_cert` and `ssl_ca_cert`) must be
+the MaxCtrl client or the REST API to create servers with SSL.
-given in the same command.
 
 ```
 alter server - Alter server parameters
@@ -1475,15 +1474,6 @@ address               Server address
 port                  Server port
 monuser               Monitor user for this server
 monpw                 Monitor password for this server
-ssl                   Enable SSL, value must be 'required'
-ssl_key               Path to SSL private key
-ssl_cert              Path to SSL certificate
-ssl_ca_cert           Path to SSL CA certificate
-ssl_version           SSL version
-ssl_cert_verify_depth Certificate verification depth
-
-To configure SSL for a newly created server, the 'ssl', 'ssl_cert',
-'ssl_key' and 'ssl_ca_cert' parameters must be given at the same time.
 
 Example: alter server my-db-1 address=192.168.0.202 port=3307
 ```

Documentation/Release-Notes/MaxScale-2.4.0-Release-Notes.md

@@ -45,14 +45,28 @@ improvement over the older MD5 hashing algorithm. New users will use the
 stronger algorithm but old users will continue using the weaker one. To upgrade
 administrative users, recreate the user.
 
-### REST API - Server creation
+### REST API
+
+#### Mandatory `protocol` parameter on server creation
 
 The `protocol` parameter must now always be defined when a server is
 created. The previously undocumented default value of `mariadbbackend` now must
 be explicitly defined when a server is created via the REST API.
 
+#### TLS on server creation
+
+To create encrypted connection to a server, the TLS parameters must be defined
+at server creation time. To enable TLS for a server that doesn't have it,
+destroy the old one and recreate it afterwards.
+
 ## Dropped Features
 
+### Enabling server TLS via MaxAdmin
+
+As TLS for servers must now be defined at creation time, enabling TLS at runtime
+via MaxAdmin is no longer possible. Use MaxCtrl to create servers with TLS
+enabled.
+
 ### `debugcli` and `telnetd`
 
 The `debugcli` router and the `telnetd` protocol module it uses have been

server/modules/routing/cli/debugcmd.cc

@@ -1643,19 +1643,9 @@ struct subcommand alteroptions[] =
         "port                        Server port\n"
         "monitoruser                 Monitor user for this server\n"
         "monitorpw                   Monitor password for this server\n"
-        "ssl                         Enable SSL, value must be 'required'\n"
-        "ssl_key                     Path to SSL private key\n"
-        "ssl_cert                    Path to SSL certificate\n"
-        "ssl_ca_cert                 Path to SSL CA certificate\n"
-        "ssl_version                 SSL version\n"
-        "ssl_cert_verify_depth       Certificate verification depth\n"
-        "ssl_verify_peer_certificate Peer certificate verification\n"
         "persistpoolmax              Persisted connection pool size\n"
         "persistmaxtime              Persisted connection maximum idle time\n"
         "\n"
-        "To configure SSL for a newly created server, the 'ssl', 'ssl_cert',\n"
-        "'ssl_key' and 'ssl_ca_cert' parameters must be given at the same time.\n"
-        "\n"
         "Example: alter server my-db-1 address=192.168.0.202 port=3307",
         {
             ARG_TYPE_SERVER, ARG_TYPE_STRING, ARG_TYPE_STRING, ARG_TYPE_STRING,