From 6301e5a9d0560c1c5b9b71cd473929dcd2689f8d Mon Sep 17 00:00:00 2001 From: "Eric D. Schabell" Date: Mon, 23 Mar 2026 16:09:57 +0100 Subject: [PATCH] docs: administration: transport-security: add tls.verify_client_cert parameter - Documents new input-only TLS option for server-side client certificate verification (mutual TLS), added in commits 0b0118b9a and 04f6b5493 Signed-off-by: Eric D. Schabell --- administration/transport-security.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/administration/transport-security.md b/administration/transport-security.md index f962cd077..9cde6ea39 100644 --- a/administration/transport-security.md +++ b/administration/transport-security.md @@ -24,9 +24,10 @@ Both input and output plugins that perform Network I/O can optionally enable TLS | `tls.key_passwd` | Optional password for `tls.key_file` file. | _none_ | | `tls.max_version` | Specify the maximum version of TLS. | _none_ | | `tls.min_version` | Specify the minimum version of TLS. | _none_ | -| `tls.verify` | Force certificate validation. | `on` | -| `tls.vhost` | Hostname to be used for TLS SNI extension. | _none_ | -| `tls.verify_hostname` | Force TLS verification of host names. | `off` | +| `tls.verify` | Force certificate validation. | `on` | +| `tls.vhost` | Hostname to be used for TLS SNI extension. | _none_ | +| `tls.verify_hostname` | Force TLS verification of host names. | `off` | +| `tls.verify_client_cert` | Require and verify the TLS certificate presented by a connecting client. Enables mutual TLS (mTLS) for input plugins. Only applies to input plugins. | `off` | To use TLS on input plugins, you must provide both a certificate and a private key.
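Review bot: The new `tls.verify_client_cert` row does not say which trust anchor the client certificate is validated against, or how the option relates to `tls.verify`, whose description ("Force certificate validation.") gives no direction and whose default is `on`. A reader could take `tls.verify on` to already cover client authentication on an input, while the new option defaults to `off`. Suggest naming in the row the CA parameter that must be set for client verification to work, and stating what happens to a client that presents no certificate or an untrusted one. The sentence after the table ("To use TLS on input plugins, you must provide both a certificate and a private key.") could note the same extra requirement when `tls.verify_client_cert` is enabled. Minor: "Enables mutual TLS (mTLS) for input plugins. Only applies to input plugins." says the scope twice, so one of the two can be dropped. Also, the three `tls.verify`, `tls.vhost` and `tls.verify_hostname` rows are removed and re-added with the same visible text; if that is only column realignment, it is worth saying so in the commit message so the diffstat of 4 insertions and 3 deletions is not read as a content change.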