Alan Christopher Thomas

Adding my comments from Slack regarding some configuration options that would be nice: > either deny or don't deny requests from clients who don't present valid certs (useful when you...

I wonder if sane defaults plus an "I know I'm doing a dangerous thing" option could help with domain fronting. That is, if your listener is configured in `Terminate` mode,...

@mmalone Actually, I wasn't trying to suggest `Terminate` and `Passthrough` as names for host verification, but rather trying to describe some possible default behaviors for those (existing) TLS mode options,...

@sourishkrout Related to #17, or is this still a separate issue (ie. .NET can terminate TLS on its own without IIS)?

Yes, we do! We have to add the intermediate to the root in MySQL clients, and we make mention of it on the server side, even though we don't bundle...

Good call!

We'll likely have different docs for different programming language clients (can break out separate issues). Any idea which client we should prioritize?

Fun stuff - https://redis.io/topics/encryption - https://github.com/antirez/redis/pull/4855

Going to just close this one out since they don't support it. :(

@sourishkrout Here's another one where TLS termination and auth isn't supported. Do we document the workarounds, like `stunnel`?