From 51527907ab9fb05c4b07468891f7f8441fbc2530 Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Thu, 31 Mar 2022 12:19:16 -0700 Subject: [PATCH] Recommend SNI with TLS in the terminating gateway docs --- .../docs/connect/config-entries/terminating-gateway.mdx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/website/content/docs/connect/config-entries/terminating-gateway.mdx b/website/content/docs/connect/config-entries/terminating-gateway.mdx index 8da3b20e6c..0c6a4bf56d 100644 --- a/website/content/docs/connect/config-entries/terminating-gateway.mdx +++ b/website/content/docs/connect/config-entries/terminating-gateway.mdx @@ -30,6 +30,9 @@ from the terminating gateway will be encrypted using one-way TLS authentication. and [private key](/docs/connect/config-entries/terminating-gateway#keyfile) are also specified connections from the terminating gateway will be encrypted using mutual TLS authentication. +~> Setting the `SNI` field is strongly recommended when enabling TLS to a service. If this field is not set, +Consul will not attempt to verify the Subject Alternative Name fields in the service's certificate. + If none of these are provided, Consul will **only** encrypt connections to the gateway and not from the gateway to the destination service.