Encrypted data access
Couchbase Server client libraries support client-side encryption using the Secure Sockets Layer (SSL) protocol.
Encryption for data access is performed through client-server communication and view access.
SSL-based client-server communication
Couchbase Server client libraries support client-side encryption using the SSL protocol by encrypting data in-flight between the client and the server. Secure client-server communication is provided with Couchbase clients released after version 2.0, and does not require configuration.
SSL and non-SSL clients can be mixed: some clients can communicate with the server using SSL while other clients do not.
To enable SSL on the client side, you need to get an SSL certificate from the Couchbase Server and then follow the steps specific to the client you are using.
To obtain the certificate, access the Couchbase Web Console, navigate toand copy the certificate.
The following clients support SSL:
SSL-based view access
A new port 18092 is established for view access: https://couchbase_server:18092
Supported ciphers
Couchbase Server uses the ciphers that are accepted by default by OpenSSL.
You can override this selection by setting the environment variable before starting Couchbase as follows:
COUCHBASE_SSL_CIPHER_LIST = < list of ciphers to accept >
Set the variable to COUCHBASE_SSL_CIPHER_LIST= MEDIUM, HIGH to include only medium- and high-security ciphers for your installation. For example, on Mac OS these are:
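Which suites a cipher string selects depends on the OpenSSL build, so it is worth expanding a candidate value locally before setting the variable. The following is an added example, not part of the Couchbase documentation: it assumes Python's ssl module is linked against an OpenSSL comparable to the server's, and the function names, the SAMPLE entries and the HIGH:!aNULL comparison value are constructed for illustration.

```python
import ssl

# Name fragments of algorithms that should not be offered by a server.
LEGACY_NAME_PARTS = ("RC4", "DES", "MD5", "NULL", "EXP")

# Constructed entries in the shape returned by SSLContext.get_ciphers().
SAMPLE = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "strength_bits": 256, "auth": "auth-rsa"},
    {"name": "ADH-AES256-SHA", "strength_bits": 256, "auth": "auth-null"},
    {"name": "RC4-MD5", "strength_bits": 128, "auth": "auth-rsa"},
    {"name": "DES-CBC3-SHA", "strength_bits": 112, "auth": "auth-rsa"},
]


def expand_cipher_list(cipher_list):
    """Return the suites the local OpenSSL build selects for a cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError when no suite matches
    return ctx.get_ciphers()


def audit_suites(suites, min_bits=128):
    """Map suite name -> reasons it should be excluded from the list."""
    findings = {}
    for s in suites:
        reasons = []
        if s.get("strength_bits", 0) < min_bits:
            reasons.append("key strength below %d bits" % min_bits)
        if s.get("auth") == "auth-null":
            reasons.append("anonymous key exchange, no server authentication")
        for part in LEGACY_NAME_PARTS:
            if part in s["name"]:
                reasons.append("legacy algorithm " + part)
        if reasons:
            findings[s["name"]] = reasons
    return findings


if __name__ == "__main__":
    # "MEDIUM,HIGH" is the page's value; "HIGH:!aNULL" is a constructed comparison.
    for value in ("MEDIUM,HIGH", "HIGH:!aNULL"):
        suites = expand_cipher_list(value)
        flagged = audit_suites(suites)
        print("%s -> %d suites, %d flagged" % (value, len(suites), len(flagged)))
        for name, reasons in sorted(flagged.items()):
            print("  %s: %s" % (name, "; ".join(reasons)))
```

The output reflects the OpenSSL that Python is linked against, which may differ from the library the server uses.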