3.0 uri params

Author: andreyaksenov

doc/code_snippets/snippets/replication/instances.enabled/ssl/README.md

@@ -0,0 +1,11 @@
+# SSL
+
+A sample application demonstrating how to enable TLS traffic encryption for connections between replica set peers.
+
+## Running
+
+To start all instances, execute the following command in the [replication](../../../replication) directory:
+
+```console
+$ tt start ssl
+```

doc/code_snippets/snippets/replication/instances.enabled/ssl/certs/generate.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -xeuo pipefail
+
+# 1. Generate a root CA key.
+openssl genrsa -out root_ca.key 2048
+
+# 2. Generate a root CA certificate.
+openssl req -x509 -new -key root_ca.key -days 365 -out root_ca.crt -subj "/C=US/CN=Example-Root-CA"
+
+# 3. Generate server keys encrypted using different passphrases.
+openssl genrsa -aes256 -passout pass:'qwerty' -out server001.key 2048
+openssl genrsa -aes256 -passout pass:'123456' -out server002.key 2048
+openssl genrsa -aes256 -passout pass:'topsecret' -out server003.key 2048
+
+# 4. Create certificate signing requests based on server keys.
+openssl req -new -key server001.key -passin pass:'qwerty' -subj "/C=US/ST=State/L=City/O=Example-Certificates/CN=server001/" -out server001.csr
+openssl req -new -key server002.key -passin pass:'123456' -subj "/C=US/ST=State/L=City/O=Example-Certificates/CN=server002/" -out server002.csr
+openssl req -new -key server003.key -passin pass:'topsecret' -subj "/C=US/ST=State/L=City/O=Example-Certificates/CN=server003/" -out server003.csr
+
+# 5. Generate server certificates.
+openssl x509 -req -in server001.csr -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1") -days 365 -CA root_ca.crt -CAkey root_ca.key -CAcreateserial -out server001.crt
+openssl x509 -req -in server002.csr -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1") -days 365 -CA root_ca.crt -CAkey root_ca.key -CAcreateserial -out server002.crt
+openssl x509 -req -in server003.csr -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1") -days 365 -CA root_ca.crt -CAkey root_ca.key -CAcreateserial -out server003.crt
+
+cp server001.crt server001.key instance001
+cp server002.crt server002.key instance002
+cp server003.crt server003.key instance003
+
+rm -rf root_ca.key server*

doc/code_snippets/snippets/replication/instances.enabled/ssl/certs/instance001/server001.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdDCCAlygAwIBAgIUZ3UUfbU+PVMvCBz6V60Cdhhlmi8wDQYJKoZIhvcNAQEL
+BQAwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD0V4YW1wbGUtUm9vdC1DQTAgFw0y
+NDAxMDkxMDIwMjlaGA8yMTAwMDEwMTEwMjAyOVowXzELMAkGA1UEBhMCVVMxDjAM
+BgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MR0wGwYDVQQKDBRFeGFtcGxlLUNl
+cnRpZmljYXRlczESMBAGA1UEAwwJc2VydmVyMDAxMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAjV8WYiwj6pKhdvhd5JHKiRWsPH8DldGkuC22WYYqW4pG
+4jwIgbHK4XDw7dtIKiTp5j1hxswPYfelwT4PswvvUt2ZTuWrC2wxH7gUeX3WOoRV
+GuQWvz5jwyZecGKa0D9a/0e/MedcqyNY8e15qUfFZXOg74hCp1VtXGJLtJ3ttL2Z
+JXCXK+tLKbn5hK5XnyksHbd0yhHbfv3WgbyIJHkPf9Ld1McmvlJOsP/pYM31L3Pv
+KS/NYtjC7ZrxGNYwmry+9ECfsqvdrR3WOSPc7x6XDluqQhsBpR5L5yMBD7/Pmdmh
+85QO89FpuE2fZbzbBgOAIv74m1+9vVo0bl9GQ5ItdQIDAQABo14wXDAaBgNVHREE
+EzARgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0OBBYEFLRPcYdn/ZzyvTICSE4eHkpq
+Yo2uMB8GA1UdIwQYMBaAFMcoPooETZGmQ44FaE298f3LsrBDMA0GCSqGSIb3DQEB
+CwUAA4IBAQCu2eVNEPiCgH2oEpieb5O3+H13RGt7K0OG8xIdrScLm8g7UP964uqS
+V8svDodF++o/zBtL2ebbeTL7+cqW8Oz3NZrBiUmRdXUrGncpT26wNut8pppV9C8c
+O533Mu0yPLXguoykE67BMiZ0aXafvCxEWj0d5Ml1BlIucaZ7HJY+C4JMeX/T27OQ
+u4jrvNLykyfWu7aIquhKcxuzdMo7rFRGOR01738M0/Sp4a952of1lFuv/macgttQ
+6M5oWW/XgNwbbcTnN7oCv4aTK7QOoi3NZfAD723hq9AQLTZD/Nl+xkMBDMNiDc3R
+9r39ptN92K3YkAHaULLyk+c14Wox4f7N
+-----END CERTIFICATE-----

doc/code_snippets/snippets/replication/instances.enabled/ssl/certs/instance001/server001.key

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIoIzCBu75OnUCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBAGERLT6LYhWrk4nTQ2rAfEBIIE
+0Awkcsj9RAgl07YEFq0YrhjBmLw4xg++qKFBm5TKwwBBpzNLkefqzOoY9wRAQZF6
+vhgGg87rEUwWaKhyhVI2yq0osKtIz4wrC+VWdB5G4eMVRYes8f1DSXHBRksTs314
+QTF1TY+0mecGmEBQ0iOvE5Z4EcxZMUeZimMEb4nXnGVdkz+tskcru5Br9a7iArC0
+hp7ibf71J4KnQAS/rBiUBVBpDaE5tdNo0mU8Icy11vg/YkykTwZ5qeO3VLsHho5/
+nOsv7CB6UbGnVJCsQckFViJTDJvyyrmJ6urfqvPMLG5u/0sIWTDfYnPrTQOibt+N
+XcvqrgZ09xLzLrgrqZ8E8nHX1xQ1w3m4TWKnXlM0enpzKp+BTMRTdly3V45asvpa
+cUlbZjX+ktW0c/bsq91DU79uy5MZuOiX3BpPFeMgreES2YIjOYo1pYloHeAw3tGG
+rfXYVuPo9IfrdkXmfq9LpqPcB5zsqkAAomPpLLfb2B/gisUZZ//Y+BAEaGOlwWoa
+81JrM363jt8U11up+6ahShwSjHol9QhqC1yEPgBVnpNbCj4ypzJxq9upnNjowvuL
+D4MhVdVf58ILkiybASTvW2IeilQf9N3scwQwiRq1duLqkrjDKD1AqxsJQobPVuV3
+YxYZ7JwwvWD86eMsvtnevT1mG9NFRfmxPD4xesvtv7OdYxQqrrkGYhOz9f3YQJiu
+EJBjq3HFnMmh9FFZ0W1I8OjnLKoN2z4XMo29HtPUX1sJpWM4wWAf+ZxABnO2kJyp
+xV6XvuhZU4V/seL+DGL6cT1b4Zg0gcc//RnlkeX3l9cE0Sqi3FKv4aKBG4/g41vR
+fNee0eB1O71rzwaNh4KYBgInNy70XjNnARxSC/KOd/el77Xv7hPKL9Wxah+B11Uc
+Csw6Ynj+Ea+HrifVBWeo7z5cqQ1ZXQD6DKWfdvujYNxwSLMpBpk5d9rX1gUvQHOU
+GmJjKp80Wrr3eA9tuBBiMkp0ljBjbagDr8PGjRwO9LslzGAUdzDuqsqLVJz8vv2t
+uDxjYARmtQHCeG8VowpP3QmrbmNM2m7s4M5+G8ZhzAZCHvPXyEEItGMP9qcjNUk2
+Sqpkz3ZYPAtDFp+cx6raggULd1AWv2xJU0kvJULE8tyWev7AyZKz/buiG2Fib5WX
+oJAQwAymkP13eGvIXaWUybsO98TgtlcaNlNkvTdmAwZyuZlYYvH9yiV2vi4ldqdl
+irAVTWqiqDo9TiGRBR0QxuJPJciuJG5D+pOdIw6tU4XHq1RiikCYE9RMqiBddqlr
+5WB4j/ls0Mpqk6fvUkttEW6vovO1AQw80Ut5hifDu5hLM3CzqysTf0bbEgS7DcWg
+hpQghcIWFJuNIrR4o7zN9hHHyKg6oZKF35edDoEmEr8COd12vIzLezanNkTwKB1A
+7FKSpT1A/u3W0D2oPHrkd2mGEjYO8RDhScMsPQjTnHObzSQvX8wGIQDIE4rLD8me
+9nxcodr+gNO/rdvEnQ1JWD52jW+S4mkJM4EswIO56sGy60sq4YoEzyWCexGxoWwF
+lOrrX4vn2H6N++TPNBeWdnrT2L5BEKlbh0SHn74CPXXBNp6JqmdRUvTfHuC1C0jK
+7KQPwMleAeh969wMyGqZO+DGULNC0D+Apck9ZQ3Hb28E
+-----END ENCRYPTED PRIVATE KEY-----

doc/code_snippets/snippets/replication/instances.enabled/ssl/certs/instance002/server002.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdDCCAlygAwIBAgIUYnbNUm7f3GQuqcJUmOcYMY7vu2QwDQYJKoZIhvcNAQEL
+BQAwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD0V4YW1wbGUtUm9vdC1DQTAgFw0y
+NDAxMDkxMDIwMjlaGA8yMTAwMDEwMTEwMjAyOVowXzELMAkGA1UEBhMCVVMxDjAM
+BgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MR0wGwYDVQQKDBRFeGFtcGxlLUNl
+cnRpZmljYXRlczESMBAGA1UEAwwJc2VydmVyMDAyMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAqjNtMpDuy9XXI6Ve7wFlHFvA0PZIIooobHqSNt7A4fPQ
+NgOvjSXi04o2dOCQ3Tz0ku5AMkx14ZLv13NMJNPWIO+jbuqIY0sTA7qxj7T2ykEW
+Dga9lWKTe4fFXNOITClImF2OKYlriCYXQ+UrUSRSYfaapc2byo94qQG6GqNC4RI9
+AsKSVlEXbOtwglTjA2gItBZ0URyCntddXek4JaUfdfDjY4RT1prNUniIaAT/8Xz5
+HPJR1jSJ8093mDdIBjDCwv7tY8N9dVtUOdV9k0q0JMgwaKv9rj93J1Esnew8uDiL
+UhEojYkRCZQ267csSnXghtl2ZVulcttJLhyeqQ7PUwIDAQABo14wXDAaBgNVHREE
+EzARgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0OBBYEFE+RD/crlhgQjup7dCT53kMG
+cfYDMB8GA1UdIwQYMBaAFMcoPooETZGmQ44FaE298f3LsrBDMA0GCSqGSIb3DQEB
+CwUAA4IBAQBXLD8RlbclU/w/ynL7Clr1EZRVaXtcvBNhzZMPG+N+cl9/OAbCc+K1
+zBqU9MC3+ftjCo0b1Gn+WelB0rBR43JMDbP/Lkwcn7GqJXk/KApG54ygSDxTasMj
+rmMuw8eES/7ndo+X/u/Jy71CFEJZbW15GKzv55fYE1LIOILLEepn3ikOn/1jujCZ
+3oSikIlcIVkQSXOoglT1VBsWlNjA5AynofCjyW8VKVTZGCBvoBx7kVPUg4yzK2dx
+gaIFosrqhV1v9ENfu+exErHDFyctsKsH34Tjjrkm+3hdseMjivBT8sOzWmTMNryk
+3QquTfdJbOMFw873ynIEj/Q9vHFT76Ae
+-----END CERTIFICATE-----

doc/code_snippets/snippets/replication/instances.enabled/ssl/certs/instance002/server002.key

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIg0PYOtHuXYsCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBCSkBdX9Acur/mj1FWWXiiyBIIE
+0H4nMqNCCkvVkbBKBy+5khhbCxN0kLgseHIPP3oAo6phLrhAAkv0xKr3wv/mR6Zp
+3jQ2JHbOfGrduFckdCBU8tST621p6wdRLwm9MbeWNjjsuSCKH45y5w2jU3aXiLpz
+4AsbweoO9a260nR4Aq5DG1t8VrJpofCfmye9FjacNGbCAa6HINigGrlp25USoead
+sqqKf8Jl/g1729yzIB6WkTA9hXBxwz25BtgwSd+tUlvl6dYocKXCM6ljn/q25SgW
+ozNBfOkzX3S8g6ZXjx0SkMdbUjuTrgjl7mn5cVYdjx6VM9fJjalca0h4Gr0kdHFM
+z50D40Ha2O3HQ36ImKjlyzbZOjkIMpqOa6o7kH7jLlJLjYJo2+LocIr8/REw4Lgl
+DeahUAl6Iya4K67sJG61FGKhzuOuxWW/Ymsa1v2Yq80PsZS1IyAD7jmH7zrT8mNq
+0T82z/hQfY+vOo+1+VMmZd1azm5UHap/bsJ32e8GXszdjH2P6dMkymAykYQVtt4/
+W6+Q53tCNfmfbdzFNszzvRP5VjcDvUGtiD9gSLsqsFCh7GJlD8vXcrrOn61l3OLC
+0CR3X9VBqerMiUFmsT1g7HsSHTD1h0OX2DTkhAfM0P4QXemGGke9/LBRsYaN07XD
+akhs4jd++3hdMSWPSrm7JNx2BC2L+u4SyRdHnu7DtQ9DVPubwT63dhxMGkGzXOGK
+3x3payRlp96ckms27tiWnsiPfVe/CECS6YXK0PLONenbvVDQO31iWDcV2AgOd0nv
+OKUuC/oN37kY4P6J8MGao3zsmcfWxQSWjnImdnLsqtD6QxqyNH18Id2GOcwrkuoG
+3Jyi43rR5c6r6O0ldvCB+iFHizzIBWA6GpDmzRYRd7lJlkQJ0ihCozWOsPC1lKZu
+E3DiRwaTbGcOTOTJDHG6B3RE9YgZjZPkVVRYsPUp2e/flLr+2QZo3XyAFd9TJDOZ
+GlCGnjmKVT83gRmgTd5mMfI2lm6vJwWC1jAIYNVuAQNWf+ZKsPfhm6mr6n6Najxr
+lVPZOg+7loKxJLfcXIP3sItLCHT4Jc/rmn6/HwnFqrdFQDkIk/dPVYnIPZlCG24Z
+to8pmjFyK5qX15rjZKAacYpSIoYHo26wFnFGSGtikUZXFm5aTGCxKnf+gBQ1Zrtw
++d9hKnmef0zlozU2b8byPRFNqV0cBaXxccXc5WFWJY60PZ6wbEs8wkBUmOh06pcR
+IO4qX4RX1QRfSSldXNZ+3CFbUXT8u999DCCV/onw2NlbdqKiHQMoLhQQAWGReG1e
+xpXXU8lRBMpW3PGHsWsGlzNTb4DkasKfL3LPxDc8DzDGrlkudYxARI23lHhKAZEv
+WVqp00HiFA2n1HSqrdUjoBsnX5KzU5By4KgdS4pp8Le0vFStlq47257P3PUWEFnB
+BFTmdbd44kOZK4mDgpyH3hQMJesdYMr8wWxhAUPx6SLK9OvVKRiLjjC1AHJQI6lS
+umT8min1q88Pw9PfmL6speXYkPXD3PLms//bnqTI44rcptlWwmaZydW51cPc5CNA
+CMVAoUHgwpJe+t+JH2B/ShmIG+Vh4aCEer70ZG38g8lLTG/wQNs0Cmfv01R2B53K
+4bJY7jCy8YUnB+pEVohyWltI3rNkA27brnISIBVllPKn
+-----END ENCRYPTED PRIVATE KEY-----

doc/code_snippets/snippets/replication/instances.enabled/ssl/certs/instance003/server003.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdDCCAlygAwIBAgIUC2vN8EGo9naK0NawqRXTBdiR1BYwDQYJKoZIhvcNAQEL
+BQAwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD0V4YW1wbGUtUm9vdC1DQTAgFw0y
+NDAxMDkxMDIwMjlaGA8yMTAwMDEwMTEwMjAyOVowXzELMAkGA1UEBhMCVVMxDjAM
+BgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MR0wGwYDVQQKDBRFeGFtcGxlLUNl
+cnRpZmljYXRlczESMBAGA1UEAwwJc2VydmVyMDAzMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAn51RtVj89wuf8lVjCiQ0UeIvkPO87YIO8O5b0G35IKuQ
+rRcanLifN8skooDs+oINzHpgp7tENy+uPynOuw02TJx+Li4JXX1XAX5v2WGWET2Y
+/VykmTzCFDovzAR+aVyarDONxRDvV1v86Hfee34mBxkWF8gz5cyTOZjtQMWKmaxZ
+jGSazuNcqet9XJYsUqRdCnxG+VRJTfGG7lnQ/+7sRE0BVqOaU+xOdRZCuHEUp99d
+NponYJUJa6UwL06abvS6OO0Ab81mBTnaev7hAjsfpY+SYItUfcRlc57yBESGGB0r
+ymQKy70KmK2vMUPGoS6YKE3sBXBJJdl/DOAe2v53FQIDAQABo14wXDAaBgNVHREE
+EzARgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0OBBYEFLal5fgbXAZz+Zg11+GEVbjT
+ed0oMB8GA1UdIwQYMBaAFMcoPooETZGmQ44FaE298f3LsrBDMA0GCSqGSIb3DQEB
+CwUAA4IBAQC2qhOwJ3ZtZ5wyvI7qKzQ0IHy3D01tjN80YnUXm1MLkc3Jt8N/6apT
+SvtS7o/IAmjlctoR2Xg4XTp0zgECgIWAQ07G9rGF5+i3au9ydTkFY3mjBEFCaa/6
+oet/MYSfx5JBfQoz4GkQk7qBesz1HTP19w10HFYH5HoLGkWkd3SITYnAn0aSzMvi
+ymstSd1O9/rFefIrPuSRuKAxsSdIH/L6q5LAmq/k4BM1WeV7zpjxcNc7+SdiiW22
+ZoXcPLYcKh9UsbYon//1lipvR+x/zB4t5YyaevbpaY4MRTASVHM7rF/szTQE5+VZ
+a9vz/3X+K9QrpCGqOyMzU8A6zcNeV3Kc
+-----END CERTIFICATE-----

doc/code_snippets/snippets/replication/instances.enabled/ssl/certs/instance003/server003.key

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI4hq3UcvHxeMCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBANIql3sdt63kUD9IS1h8uQBIIE
+0AyuJU6umXXNb8aO5UwcfJoeiVT6P0xr8guiPXNHx/hZpEE21RoHEUlqRgStLFqH
+AaeWOaPBNehqpcFnU34llM+XZMt7diL9nVkZFa5cePGuR6Od4ZE5S0xDmzyOpAbq
+Hvn3FhZtDih9nyZHZUFO7WFZFxQLLE6YU9GOW8UsHEBt8Z2zbn4eBaVUw81Elpv6
+uhpx0H+apmj+TcXehv7FvWxn64nOQSDICuK6Zwva3DC4Bc0OpRAhWKR81w0hdufK
+ej1mcANgGu/zTp3JJ9eGf1DX1TIB8nM7SXPVz+mDELZPu6U9kMBRoiQ8B24UEoRY
+4VHODLDOoL7X+vbAk4oJVRqPnR/FvaAmzSTu4quOjRKE2fhBYD4oe4UTdp+5GxPK
+4qcxS9eqe1/Jl4mPYCsM9oXdrRNVvk3lKPG63TVqEr6vrCfV+sogFYY/qY1sL81H
+vkHF5QjqLTdWiSI82HiqoczQKfvZXdqZWB32YPiiZhv9LyyuTdHzvijFNRW6X6xf
+Eng66BJ+S8TYr7ib+cUUy1OLyh5a6WAs/qsy2Fi02KOHN8BNfznwAqmJ14IbQrRQ
+JjYaHhTHm+FZFpU+if32mSPr/CjmGuzhGNlh+Pm+5udDOvVcqAE9ifAZ9G9f9jgd
+1vuTNOkWSwLcY2hs3vRN9VrDxbQ9PivB8Asr08F84KceJEaReN2CCiyCR++q95oH
+2imrrQLH5EXM6Xc2k5OnltrWSLzvA58bJ+KcHj+MvRMx7kTjDcTrOHL0/xbqeXzU
+TDaft8gGtudlFqy3/4kuV5Zp3E0Bgn/1WjUe8/VUJuYCX2ffhQVAc+Yum3o80Mu3
+RH7kEaZQeqnxC8qwiu6aOsqg3C74Hc+rguWeXnUV5Ysb3rcq1O50PGWEsey/+nxn
+7I8hgZFvJrlYs05jQu93/Hzps5jVuxluRzFHuZcEM1v/12jNnY/C7yQSWctZFdD4
+h7DnzGjPgD/CRd0V63ScciRDfofQtFcshMEJjtCiP2tzmCMB4S7VB1186JdTLWys
+u5OmQ76F2CcmBybksrx7dZyVB/z3gNB3/DObBVvVxn8z/WMqsoKjjXbJvHUBeo2W
+KnZY7VHMjhsRGTLcxfL8jeS2clkEl4qOO0d47HIFy90BmLLpWosC+ZX5AMsrX2x7
+xV6yfXBGU5JHXRrofvC3AH33GlHkQ1r6r5SDqLDQrAAMm0eqlOjmiNM151M1uORw
+m4r1csflKlIkWLwFVH1BIMmB8eGefyfS/4lXhx+UvvZKgFkJDJ3IJ0oHdj2zHiln
+sp2WIm/nh9wqDh7fvGP+b1skVFlrChuTtjNHa4Ye2QagWRgZfAZAh89HuMfclC5x
+0w971lLbnoC3iB7tjY8+J9Ye6Mzim6oZofROdBDxbDXraaYjcq/EezfFDPTUSpGx
+JtX2Cr4nq596TucXXwKjHBHnjfhUPdeLRWBRSidkyogjrW68tVUCUZ7a0/3a2wz1
+6hRLvKzxnMGXfr1cggtX8PapgIXNOLxkjmLPmoEEQLNqOSXzx7y+iLGPzYcj2Fe+
+gV93fIq1IbwEChOFTHa/WtoN+idhESqvPvH2PKnWmAB5ioLYDCIQ6BnKWdPflrYh
+mGfTg3YhOuwFmTkZPnvKux+yOLTDZfzeaMmBpdeQuHl3
+-----END ENCRYPTED PRIVATE KEY-----

doc/code_snippets/snippets/replication/instances.enabled/ssl/certs/root_ca.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAhmgAwIBAgIUTbG8/x5SNhhMkhq1/spUkvTNGtUwDQYJKoZIhvcNAQEL
+BQAwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD0V4YW1wbGUtUm9vdC1DQTAgFw0y
+NDAxMDkxMDIwMjRaGA8yMTAwMDEwMTEwMjAyNFowJzELMAkGA1UEBhMCVVMxGDAW
+BgNVBAMMD0V4YW1wbGUtUm9vdC1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAL7K7lF5lXLunkNNI1ieuOgWyASA4fLNGxoGmZznwHCS3qVO2OmULy1Z
+tKYCDZdQLRfc1GRR+PepbU5XVZUSm0k3VRVgT6FXrml6WVIISfjti18tZeybQzpt
+c1HnnZk4prsq+pbckiCzFisg1xpG3CxyJUzrq010rKt1LGAeP32L0rI0yBBe08U6
+fSbX3kyGTl6bf3OIhpMVmg9VNB2LZm+FgEUG4OUpRT0yMk7Al+IxFt/R2TndfIhd
+ZHu4t/lJLqHzfFyvM6XVEThP8y5eJ9dF0Oz6jUcNC45Tw6t9ubOGnwBriWkgLtw9
+4VK0XwK4tRvVQgptd2xro/sHFW14Sa0CAwEAAaNTMFEwHQYDVR0OBBYEFMcoPooE
+TZGmQ44FaE298f3LsrBDMB8GA1UdIwQYMBaAFMcoPooETZGmQ44FaE298f3LsrBD
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGBnpnV8NoGoz8sF
+IjEFwF76rfYT/NhYEE5SV9zOGE5kgbFh1N1+lAlcFpULsxXm+6ULnMZbrKGTDCKS
+tD7XhPqTP5DHjxyXvD4VTZVgQ8NAUtttM+w8vdjIIHGHoQkdCo5QpGxqGZhlRCnM
+HFQwmeXFKalln4qfgpkBA92K8H2eK/7ZhnnAGh/bclgOV7KOknV/hs7cBuwYIHVP
+c7UCSyUMSkhujCysjRw5zjLiSM6bO8XFrVt0hOxZhV91mHXsIFZ2MopVIO4vPBHJ
+q1z2XTu49XOrY4+N+7Sk37wImjfE5BD+U3GTw2QfoFO4EHd2JvvfoqS6Q5BtQ1lp
+6OZswbA=
+-----END CERTIFICATE-----

doc/code_snippets/snippets/replication/instances.enabled/ssl/certs/ssl_passwords.txt

@@ -0,0 +1,3 @@
+qwerty
+123456
+topsecret

doc/code_snippets/snippets/replication/instances.enabled/ssl/config.yaml

@@ -0,0 +1,59 @@
+credentials:
+  users:
+    admin:
+      password: 'topsecret'
+      roles: [ super ]
+    replicator:
+      password: 'topsecret'
+      roles: [replication]
+
+iproto:
+  advertise:
+    peer:
+      login: replicator
+
+replication:
+  failover: manual
+
+groups:
+  group001:
+    replicasets:
+      replicaset001:
+        leader: instance001
+        instances:
+          instance001:
+            iproto:
+              listen:
+              - uri: '127.0.0.1:3301'
+                params:
+                  transport: 'ssl'
+                  ssl_ca_file: 'certs/root_ca.crt'
+                  ssl_cert_file: 'certs/instance001/server001.crt'
+                  ssl_key_file: 'certs/instance001/server001.key'
+                  ssl_password: 'qwerty'
+                  ssl_ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256'
+          instance002:
+            iproto:
+              listen:
+              - uri: '127.0.0.1:3302'
+                params:
+                  transport: 'ssl'
+                  ssl_ca_file: 'certs/root_ca.crt'
+                  ssl_cert_file: 'certs/instance002/server002.crt'
+                  ssl_key_file: 'certs/instance002/server002.key'
+                  ssl_password_file: 'certs/ssl_passwords.txt'
+                  ssl_ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256'
+          instance003:
+            iproto:
+              listen:
+              - uri: '127.0.0.1:3303'
+                params:
+                  transport: 'ssl'
+                  ssl_ca_file: 'certs/root_ca.crt'
+                  ssl_cert_file: 'certs/instance003/server003.crt'
+                  ssl_key_file: 'certs/instance003/server003.key'
+                  ssl_password_file: 'certs/ssl_passwords.txt'
+                  ssl_ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256'
+
+app:
+  file: 'myapp.lua'

doc/code_snippets/snippets/replication/instances.enabled/ssl/instances.yml

@@ -0,0 +1,3 @@
+instance001:
+instance002:
+instance003:

doc/code_snippets/snippets/replication/instances.enabled/ssl/myapp.lua

@@ -0,0 +1,10 @@
+function connect()
+    local connection = require('net.box').connect({
+        uri = 'admin:[email protected]:3301',
+        params = { transport = 'ssl',
+                   ssl_cert_file = 'certs/instance001/server001.crt',
+                   ssl_key_file = 'certs/instance001/server001.key',
+                   ssl_password = 'qwerty' }
+    })
+    return connection
+end

doc/enterprise/security.rst

@@ -440,12 +440,11 @@ In the :ref:`next section <enterprise-iproto-encryption-config-sc>`, you can fin
 
     Example:
 
-    ..  code-block:: lua
-
-        c = require('net.box').connect({
-            uri = 'localhost:3301',
-            params = {transport = 'ssl'}
-        })
+    ..  literalinclude:: /code_snippets/snippets/replication/instances.enabled/ssl/myapp.lua
+        :language: lua
+        :start-at: net.box
+        :end-before: return connection
+        :dedent:
 
 *   ``ssl_key_file`` -- a path to a private SSL key file.
     Mandatory for a server.