Document how to enable SSL in public API

src/py/flwr/server/app.py

@@ -36,10 +36,12 @@ def start_server(  # pylint: disable=too-many-arguments
     strategy: Optional[Strategy] = None,
     grpc_max_message_length: int = GRPC_MAX_MESSAGE_LENGTH,
     force_final_distributed_eval: bool = False,
+    ssl_files: Optional[Tuple[bytes, bytes, bytes]] = None,
 ) -> History:
     """Start a Flower server using the gRPC transport layer.
 
-    Arguments:
+    Arguments
+    ---------
         server_address: Optional[str] (default: `"[::]:8080"`). The IPv6
             address of the server.
         server: Optional[flwr.server.Server] (default: None). An implementation
@@ -63,9 +65,34 @@ def start_server(  # pylint: disable=too-many-arguments
         force_final_distributed_eval: bool (default: False).
             Forces a distributed evaluation to occur after the last training
             epoch when enabled.
+        ssl_files : Tuple[bytes, bytes, bytes] (default: None)
+            Tuple containing root certificate, server certificate, and private key to
+            start a secure SSL/TLS server. The tuple is expected to have three bytes
+            elements in the following order:
 
-    Returns:
+                * CA certificate.
+                * server certificate.
+                * server private key.
+
+    Returns
+    -------
         hist: flwr.server.history.History. Object containing metrics from training.
+
+    Examples
+    --------
+    Starting an insecure server:
+
+    >>> start_server()
+
+    Starting a SSL/TLS-enabled server:
+
+    >>> start_server(
+    >>>     ssl_files=(
+    >>>         Path("/crts/root.pem").read_bytes(),
+    >>>         Path("/crts/localhost.crt").read_bytes(),
+    >>>         Path("/crts/localhost.key").read_bytes()
+    >>>     )
+    >>> )
     """
     initialized_server, initialized_config = _init_defaults(server, config, strategy)
 
@@ -74,12 +101,12 @@ def start_server(  # pylint: disable=too-many-arguments
         client_manager=initialized_server.client_manager(),
         server_address=server_address,
         max_message_length=grpc_max_message_length,
+        ssl_files=ssl_files,
     )
-    log(
-        INFO,
-        "Flower server running (insecure, %s rounds)",
-        initialized_config["num_rounds"],
-    )
+    num_rounds = initialized_config["num_rounds"]
+    ssl_status = "enabled" if ssl_files is not None else "disabled"
+    msg = f"Flower server running ({num_rounds} rounds)\nSSL/TLS is {ssl_status}"
+    log(INFO, msg)
 
     hist = _fl(
         server=initialized_server,

src/py/flwr/server/grpc_server/grpc_server.py

@@ -75,17 +75,15 @@ def start_grpc_server(
     max_message_length : int
         Maximum message length that the server can send or receive.
         Int valued in bytes. -1 means unlimited. (default: GRPC_MAX_MESSAGE_LENGTH)
-    ssl_files : Tuple[bytes, bytes, bytes]
-        Tuple containing root certificate, server certificate, and private key to start
-        a secure SSL/TLS server. The tuple is expected to have three byte string
+    ssl_files : Tuple[bytes, bytes, bytes] (default: None)
+        Tuple containing root certificate, server certificate, and private key to
+        start a secure SSL/TLS server. The tuple is expected to have three bytes
         elements in the following order:
 
             * CA certificate.
             * server certificate.
             * server private key.
 
-        (default: None)
-
     Returns
     -------
     server : grpc.Server