TLS: Some redis.conf clarifications.

1 files changed, 10 insertions, 11 deletions

diff --git a/redis.conf b/redis.conf
index 07005cffe..3c7336747 100644
--- a/redis.conf
+++ b/redis.conf
@@ -155,23 +155,22 @@ tcp-keepalive 300
 # tls-ca-cert-file ca.crt
 # tls-ca-cert-dir /etc/ssl/certs
 
-# If TLS/SSL clients are required to authenticate using a client side
-# certificate, use this directive.
+# By default, clients (including replica servers) on a TLS port are required
+# to authenticate using valid client side certificates.
 #
-# Note: this applies to all incoming clients, including replicas.
+# It is possible to disable authentication using this directive.
 #
-# tls-auth-clients yes
+# tls-auth-clients no
 
-# If TLS/SSL should be used when connecting as a replica to a master, enable
-# this configuration directive:
+# By default, a Redis replica does not attempt to establish a TLS connection
+# with its master.
+#
+# Use the following directive to enable TLS on replication links.
 #
 # tls-replication yes
 
-# If TLS/SSL should be used for the Redis Cluster bus, enable this configuration
-# directive.
-#
-# NOTE: If TLS/SSL is enabled for Cluster Bus, mutual authentication is always
-# enforced.
+# By default, the Redis Cluster bus uses a plain TCP connection. To enable
+# TLS for the bus protocol, use the following directive:
 #
 # tls-cluster yes