Merge branch '2.2' into develop

2018-08-28 16:06:23 +03:00
parent 2f7ed85b3f 51ade9e6fe
commit 9a6f1b2044
9 changed files with 137 additions and 64 deletions
--- a/Documentation/Getting-Started/Configuration-Guide.md
+++ b/Documentation/Getting-Started/Configuration-Guide.md
@ -1534,8 +1534,20 @@ to `true` and provide the three files for `ssl_cert`, `ssl_key` and

 After this, MaxScale connections between the server and/or the client will be
 encrypted. Note that the database must be configured to use TLS/SSL connections
-if backend connection encryption is used. When client-side encryption is
-enabled, only encrypted connections to MaxScale can be created.
+if backend connection encryption is used.
+
+**Note:** MaxScale does not allow mixed use of TLS/SSL and normal connections on
+  the same port.
+
+If TLS encryption is enabled for a listener, any unencrypted connections to it
+will be rejected. MaxScale does this to improve security by preventing
+accidental creation on unencrypted connections.
+
+The separation of secure and insecure connections differs from the MariaDB
+server which allows both secure and insecure connections on the same port. As
+MaxScale is the gateway through which all connections go, in order to guarantee
+a more secure system MaxScale enforces a stricter security policy than what the
+server does.

 #### `ssl`