From 191561e44f78986ffcafa063870ea653ad0483d5 Mon Sep 17 00:00:00 2001
From: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Date: Tue, 13 Feb 2024 09:01:03 -0800
Subject: [PATCH] docs: document behaviour of tls.https.verify_outgoing (#20555)

* docs: document behaviour of tls.https.verify_outgoing

At first it's not clear what verify_outgoing would do for the https
listener as it seems like Consul agents don't make https requests.

Upon further investigation, it's clear that Consul agents do make https
requests in the following scenarios:

- to implement watches
- to perform checks

In the first scenario, this setting is used here:
https://github.com/hashicorp/consul/blob/a1c8d4dd19caad13edf2d86441d1b7f9bbdc9c34/agent/config/runtime.go#L1725

In the second scenario, it's actually the internal_rpc setting that is
used:
https://github.com/hashicorp/consul/blob/a1c8d4dd19caad13edf2d86441d1b7f9bbdc9c34/tlsutil/config.go#L903

* Update website/content/docs/agent/config/config-files.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: David Yu
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---
 website/content/docs/agent/config/config-files.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx
index 8e18f795f9..61f33037c1 100644
--- a/website/content/docs/agent/config/config-files.mdx
+++ b/website/content/docs/agent/config/config-files.mdx
@@ -2153,7 +2153,7 @@ specially crafted certificate signed by the CA can be used to gain full access t will not make use of TLS for outgoing connections. This applies to clients and servers as both will make outgoing connections. This setting does not apply to the gRPC interface as Consul makes no outgoing connections on this - interface. + interface. When set to true for the HTTPS interface, this parameter applies to [watches](/consul/docs/dynamic-app-config/watches), which operate by making HTTPS requests to the local agent. - `grpc` ((#tls_grpc)) Provides settings for the gRPC/xDS interface. To enable the gRPC interface you must define a port via [`ports.grpc_tls`](#grpc_tls_port).
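Review bot: the sentence added on the `+ interface.` line documents only watches, while the commit message names a second case, checks, where the agent also makes HTTPS requests and "it's actually the internal_rpc setting that is used". A reader of this paragraph could assume that setting `verify_outgoing` under `https` also governs HTTPS checks, and so leave them running under a different verification setting than intended. Suggest adding a sentence here saying that checks follow the `internal_rpc` setting rather than this one, or a link to where that is documented. A smaller point on the same line: "When set to true for the HTTPS interface, this parameter applies to watches" does not say what actually changes for a watch; wording along the lines of the surrounding text (whether TLS is used for the outgoing connection to the local agent) would make the effect explicit.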