Amit,

Could you confirm that you will require *mutual* SSL auth, otherwise this
wouldn't require much of a change by clients.

If etcd.require_ssl:true, must a client present a cert?

Thank you,

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Tue, Sep 29, 2015 at 5:54 PM, Amit Gupta <agupta(a)pivotal.io> wrote:

Hi all,

Just wanted to give the community advance notice that we will be
introducing a change to the etcd configuration in cf-release, probably
within the week (probably cf v220+, we are currently on v218).

etcd can be configured to require ssl communication amongst servers, and
between servers and clients. Currently this defaults to false, but we will
be changing the default to true. We will include documentation on how to
generate certs, and where to put them in your stubs if you are using the
spiff tooling to generate deployment manifests. The BOSH-Lite dev
manifests will include certs by default, to make the dev workflow
especially easy.

Cheers,

Amit Gupta
Cloud Foundry PM, OSS Release Integration team