Hey there!
We followed the example in samples-server/tls/tls-simple at main · temporalio/samples-server · GitHub and the Temporal docs, but we could not find a way to enable TLS for the traffic on the membership port and the worker gRPC port. Only the other services seem to be working with mTLS.
In my example I have

```yaml
worker:
  rpc:
    grpcPort: 7239
    membershipPort: 6939
```

and there is no TLS on those ports:
```text
openssl s_client -showcerts -connect localhost:7239
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 293 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
```

```text
openssl s_client -showcerts -connect localhost:6939
CONNECTED(00000003)
```
I've tried to look into the docs and the codebase, but I could not find any place where TLS can be enabled there.
Can anybody clarify if it's possible to do it? If not, what's the unencrypted traffic there? Is it just encoded in some predictable way? Is there, potentially, sensitive data flowing?
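A small port probe for the check the post does by hand with `openssl s_client`, added here as an example; it is not code from the original post or from Temporal. It attempts a TLS handshake against each port and classifies the result: the handshake completed, the peer answered with a TLS alert (so it speaks TLS but rejected us), the peer accepted the TCP connection but closed, reset, stayed silent or replied with plaintext (the `write:errno=104` case above), or nothing was listening. The port list (7233, 7239, 6939) is an assumption taken from the poster's config plus the usual frontend port, and `start_plaintext_listener` is a constructed local stand-in for a non-TLS port so the probe can be exercised offline.

```python
"""Check which TCP ports actually complete a TLS handshake.

Added example, not code from the original post or from Temporal itself.
DEFAULT_PORTS is an assumption (poster's worker grpcPort 7239 and
membershipPort 6939 plus the usual frontend port 7233); adjust it to
your own server config.
"""
from __future__ import annotations

import socket
import ssl
import threading
from typing import Dict, Iterable

# Assumed ports to sweep; substitute the values from your own config.
DEFAULT_PORTS = [7233, 7239, 6939]


def probe_tls(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify host:port by what happens when we send a TLS ClientHello.

    tls           handshake completed (certificate verification is
                  deliberately off, so a private CA still counts)
    tls-rejected  the peer sent a TLS alert: it speaks TLS but refused
                  this client (e.g. mTLS demanding a client cert on TLS 1.2)
    no-tls        TCP connect succeeded but the peer closed, reset, stayed
                  silent, or replied with non-TLS bytes (the errno=104 case)
    refused       nothing is listening on that port
    unreachable   TCP connect failed for another reason (timeout, no route)
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # we only ask "is TLS on?", not "is the cert valid?"
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
        except ssl.SSLEOFError:
            return "no-tls"             # peer hung up while we were handshaking
        except ssl.SSLError as exc:
            reason = exc.reason or ""
            if "ALERT" in reason:       # a real TLS alert record came back
                return "tls-rejected"
            return "no-tls"             # e.g. WRONG_VERSION_NUMBER: plaintext reply
        except OSError:
            return "no-tls"             # connection reset or read timeout


def sweep(host: str, ports: Iterable[int] = DEFAULT_PORTS) -> Dict[int, str]:
    """Probe every port and return {port: classification}."""
    return {p: probe_tls(host, p) for p in ports}


def start_plaintext_listener(reply: bytes = b"") -> int:
    """Constructed stand-in for a non-TLS port, used only to exercise the probe.

    Accepts one connection, reads the client's ClientHello, optionally
    writes `reply` (e.g. an HTTP error line) and closes. Returns the port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve() -> None:
        with srv:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(3.0)
                try:
                    conn.recv(4096)
                    if reply:
                        conn.sendall(reply)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_port() -> int:
    """Pick a port nothing listens on (bind to 0, then release it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    for port, status in sweep("localhost").items():
        print(f"{port}: {status}")
```

Run it against the host where the server is listening and compare the result per port with what the config claims. Two caveats: "tls" only means a handshake completed, since verification is switched off, so it says nothing about which CA signed the certificate; and with TLS 1.3 a server that requires a client certificate finishes the client-side handshake before sending its alert, so an mTLS port will show as "tls" rather than "tls-rejected", which is still the right answer to the question "is TLS enabled on this port".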