@@ -12,7 +12,9 @@ TLS / SSL Connection Tab
1212 :depth: 1
1313 :class: singlecol
1414
15- The :guilabel:`TLS / SSL` tab allows you to connect deployments via TLS / SSL.
15+ The :guilabel:`TLS / SSL` tab allows you to connect deployments using TLS / SSL.
16+ For more information on :guilabel:`TLS / SSL`, see :manual:`TLS Options
17+ </reference/connection-string/#tls-options>`
1618
1719Procedure
1820---------
@@ -28,12 +30,86 @@ Procedure
2830
2931 .. step:: Click the :guilabel:`TLS / SSL` tab.
3032
31- You have the option to use a ``Default`` connection or to set the TLS / SSL
33+ You can leave TLS unset with the ``Default`` option or set the TLS / SSL
3234 connection ``On`` or ``Off``.
3335
34- Default
35- ~~~~~~~
36+ .. list-table::
37+ :header-rows: 1
38+ :widths: 40 80
39+
40+ * - Option
41+ - Description
3642
43+ * - Default
44+ - The ``Default`` option leaves the TLS option ``unset``. The
45+ ``Default / unset`` TLS /SSL option is enabled when using a
46+ :manual:`DNS seedlist
47+ (SRV) </reference/connection-string/#std-label-connections-dns-seedlist>`
48+ in the connection string. To learn more about the additional options
49+ available, see :ref:`<additional-tls>`.
3750
51+ * - On
52+ - Select the ``On`` option when using a DNS seedlist (SRV) in the
53+ connection string. When TLS / SSL Connection is ``On``, you can
54+ specify additional certificate options for your connection string.
55+ To see more on the additional certificate options available, see
56+ :ref:`<additional-tls>`.
57+
58+ * - Off
59+ - The ``Off`` option initiates a connection :guilabel:`without`
60+ TLS / SSL.
61+
62+ .. note::
63+
64+ It is recommended that users enable TLS / SSL to avoid security
65+ vulnerabilities.
66+
67+ .. _additional-tls:
68+
69+ Additional TLS / SSL Options
70+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
71+
72+ When TLS is ``On`` you can specify the following:
73+
74+ .. list-table::
75+ :header-rows: 1
76+ :widths: 50 50
77+
78+ * - Option
79+ - Description
80+
81+ * - Certificate Authority
82+ - One or more certificate files from trusted Certificate Authorities
83+ to validate the certificate provided by the deployment.
84+
85+ * - Client Certificate
86+ - Specifies the location of a local .pem file that contains either
87+ the client's TLS/SSL X.509 certificate or the client's TLS/SSL
88+ certificate and key.
89+
90+ * - Client Key Password
91+ - If the *Client Private Key* is protected with a password,
92+ you must provide the password.
93+
94+ * - tlsInsecure
95+ - Disables various certificate validations.
96+
97+ * - tlsAllowInvalidHostnames
98+ - Disables hostname validation of the certificate presented by
99+ the the deployment.
100+
101+ * - tlsAllowInvalidCertificates
102+ - Disable the validation of the server certificates.
103+
104+ .. warning::
105+
106+ Enabling ``tlsInsecure``, ``tlsAllowInvalidHostnames``, and
107+ ``tlsAllowInvalidCertificates`` may cause a security vulnerabilty.
108+
109+ .. step:: (Optional) For advanced connection configuration options, click the :ref:`Advanced <advanced-connection-tab>` tab.
110+
111+ .. step:: Click Connect.
38112
113+ .. seealso::
39114
115+ To disconnect from your deployment, see :ref:`<disconnect-tab>`.
0 commit comments