From: Wouter Wijngaards Date: Mon, 7 Jan 2019 10:52:08 +0000 (+0000) Subject: - Document interaction between the tls-upstream option in the server X-Git-Tag: release-1.9.0rc1~57 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fe6eb5f665f2e8d9dd6fd4352cb16541aaeaa92c;p=thirdparty%2Funbound.git - Document interaction between the tls-upstream option in the server section and forward-tls-upstream option in the forward-zone sections. git-svn-id: file:///svn/unbound/trunk@5027 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index a640c50f0..602ae39c3 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 7 January 2018: Wouter - On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN, and server tcp fastopen is enabled at compile time. + - Document interaction between the tls-upstream option in the server + section and forward-tls-upstream option in the forward-zone sections. 12 December 2018: Wouter - Fix for crash in dns64 module if response is null. diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 0acce72ac..c18616273 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -440,6 +440,8 @@ TCP wireformat. The other server must support this (see \fBtls\-service\-key\fR). If you enable this, also configure a tls\-cert\-bundle or use tls\-win\-cert to load CA certs, otherwise the connections cannot be authenticated. +This option enables TLS for all of them, but if you do not set this you can +configure TLS specifically for some forward zones with forward\-tls\-upstream. And also with stub\-tls\-upstream. .TP .B ssl\-upstream: \fI Alternate syntax for \fBtls\-upstream\fR. If both are present in the config
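Review bot: In the doc/Changelog hunk, the new entry is added under the heading "7 January 2018: Wouter", but the commit is dated 7 Jan 2019 and the next heading down is "12 December 2018", so the year in that heading looks wrong and should read 2019. The context line above the addition also spells sysctl as "systcl"; both can be corrected in the same change, since the heading is what dates the new entry.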
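Review bot: In the doc/unbound.conf.5.in hunk, the added sentence "This option enables TLS for all of them" has no antecedent for "them" in the visible paragraph; name what is covered, for example "for all upstream connections". The sentence just before it ties the CA requirement to this option only ("If you enable this, also configure a tls\-cert\-bundle or use tls\-win\-cert"), so a reader who leaves tls-upstream off and sets only forward\-tls\-upstream is not told whether the CA bundle is still needed for authentication; say explicitly whether the same requirement applies to the per-zone options. The trailing "And also with stub\-tls\-upstream." is a sentence fragment and is not mentioned in the commit message or the Changelog entry; fold it into the previous sentence ("... with forward\-tls\-upstream or stub\-tls\-upstream") and mention stub zones in the Changelog line as well.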