Support encryption of inter-node communication

[otoolep]

The TCP connections between each node -- the Raft connections -- should support encryption. This means support TLS encryption between nodes.

[mainframe]

+1 must have for production setups.
@otoolep - do I understand correctly that currently new node joining the cluster is not authenticated in any way? Could encryption of inter-node communication solve this problem as well? Like Consul/Serf does for example. Why not use Serf for cluster membership management and raft for data consistency?

[otoolep]

@mainframe --- correct, a new node joining the cluster is not authenticated by default though you can user-level permissions to exercise some control over this process:

https://github.com/rqlite/rqlite/blob/master/doc/SECURITY.md#user-level-permissions

You can therefore pass a password to node when it starts up, which is required by other nodes before accepting the join request. There are many other ways to lock down your cluster too.

As for using serf, I don't have that much experience with it, and anyway one of the main points of rqlite is simplicity -- a single binary, that clusters easily. Requiring a second system like serf would be a major complication.

[otoolep]

Top of tree now supports node-to-node encryption, and it will be part of the 4.0 release.