I found some information about setting up clients to use SSL.
Where is the information about setting up XDCR on SSL-only connections?
Where is the information about setting up different nodes between servers in the same cluster to only use SSL?
Here you go:
For SSL-only encryption you will need to close the non-SSL ports with your firewall rules. For example: 8091, 8092 should not be allowed, in favor of 18092 or 18092.
Based on your link, I think what you are saying is that:
XDCR requires a VPN or SSH tunnels to work securely?
And the only way to prevent remote traffic from getting to 8091 and 8092 is for the firewall to do the blocking.
There is no way for the 8091 and 8092 to reject traffic from non-localhost?
That way I can have 2 layers of prevention and no single point of failure, in this case configuration of the firewall vs intelligence in Couchbase to prevent unwanted connections.
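A check that the firewall rules discussed in this thread actually took effect, meant to be run against your own nodes from a host outside the cluster. It is an added example, not part of the original thread or Couchbase's own tooling; the TLS port list (18091, 18092) and the function names are assumptions to adjust for your deployment.

```python
import socket
import sys

PLAINTEXT_PORTS = (8091, 8092)   # non-SSL ports named in the thread
TLS_PORTS = (18091, 18092)       # assumed TLS counterparts; adjust as needed


def port_state(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Timeouts and unreachable errors: typical of a firewall DROP rule.
        return "filtered"


def audit(host, plaintext=PLAINTEXT_PORTS, tls=TLS_PORTS, timeout=2.0):
    """List findings for one node as seen from the machine running the check."""
    findings = []
    for port in plaintext:
        if port_state(host, port, timeout) == "open":
            findings.append(f"FAIL {host}:{port} plaintext port is reachable")
    for port in tls:
        state = port_state(host, port, timeout)
        if state != "open":
            findings.append(f"FAIL {host}:{port} TLS port is {state}")
    return findings


if __name__ == "__main__":
    # Usage: python check_ports.py node1.example node2.example
    problems = [f for node in sys.argv[1:] for f in audit(node)]
    print("\n".join(problems) or "OK: only TLS ports reachable")
    sys.exit(1 if problems else 0)
```

Running it from the vantage point of each remote network (for example the other XDCR site) shows what that network can reach, which is what the firewall rule is supposed to control.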