登陆VCS, 发现有一个alarm:
Alarm: Cluster TLS permissive
Description: Cluster TLS verification mode permits invalid certificates
建议Action:Change the cluster's TLS verification mode to Enforcing
参考Information:
Select the TLS verification mode for cluster communications.
Permissive does not verify certificates when establishing connections between peers. This option is less secure and raises a persistent alarm.
Enforcing mode will force peers to verify each others' certificates. Peers with mismatched or invalid certificates cannot cluster in this mode.
Default: Permissive
我这边VCS做的1+1热备,目前TLS verification mode设置的是Permissive模式,是否需按告警建议的action修改为Enforcing模式而不影响到业务?