From 1e02d599dc2a0643fcf82af42047adf07c78fe41 Mon Sep 17 00:00:00 2001
From: Yossi Gottlieb <yossigo@gmail.com>
Date: Wed, 5 Feb 2020 18:30:12 +0200
Subject: [PATCH] TLS: Some redis.conf clarifications.

---
 redis.conf | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/redis.conf b/redis.conf
index 07005cffe..3c7336747 100644
--- a/redis.conf
+++ b/redis.conf
@@ -155,23 +155,22 @@ tcp-keepalive 300
 # tls-ca-cert-file ca.crt
 # tls-ca-cert-dir /etc/ssl/certs
 
-# If TLS/SSL clients are required to authenticate using a client side
-# certificate, use this directive.
+# By default, clients (including replica servers) on a TLS port are required
+# to authenticate using valid client side certificates.
 #
-# Note: this applies to all incoming clients, including replicas.
+# It is possible to disable authentication using this directive.
 #
-# tls-auth-clients yes
+# tls-auth-clients no
 
-# If TLS/SSL should be used when connecting as a replica to a master, enable
-# this configuration directive:
+# By default, a Redis replica does not attempt to establish a TLS connection
+# with its master.
+#
+# Use the following directive to enable TLS on replication links.
 #
 # tls-replication yes
 
-# If TLS/SSL should be used for the Redis Cluster bus, enable this configuration
-# directive.
-#
-# NOTE: If TLS/SSL is enabled for Cluster Bus, mutual authentication is always
-# enforced.
+# By default, the Redis Cluster bus uses a plain TCP connection. To enable
+# TLS for the bus protocol, use the following directive:
 #
 # tls-cluster yes