- Document interaction between the tls-upstream option in the server

section and forward-tls-upstream option in the forward-zone sections. git-svn-id: file:///svn/unbound/trunk@5027 be551aaa-1e26-0410-a405-d3ace91eadb9
2024-09-21 06:37:08 +00:00 · 2019-01-07 10:52:08 +00:00 · 2019-01-07 10:52:08 +00:00 · fe6eb5f665
commit fe6eb5f665
parent 90b00dfe57
2 changed files with 4 additions and 0 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,6 +1,8 @@
 7 January 2018: Wouter
 	- On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN,
 	  and server tcp fastopen is enabled at compile time.
+	- Document interaction between the tls-upstream option in the server
+	  section and forward-tls-upstream option in the forward-zone sections.

 12 December 2018: Wouter
 	- Fix for crash in dns64 module if response is null.
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@ -440,6 +440,8 @@ TCP wireformat.  The other server must support this (see
 \fBtls\-service\-key\fR).
 If you enable this, also configure a tls\-cert\-bundle or use tls\-win\-cert to
 load CA certs, otherwise the connections cannot be authenticated.
+This option enables TLS for all of them, but if you do not set this you can
+configure TLS specifically for some forward zones with forward\-tls\-upstream.  And also with stub\-tls\-upstream.
 .TP
 .B ssl\-upstream: \fI<yes or no>
 Alternate syntax for \fBtls\-upstream\fR.  If both are present in the config