📝 Clarify the list of supported TLS cipher suites

Previously, the documentation linked to Golang's source code, which
can drift from the list of cipher suites supported by Consul. Consul
has a hard-coded mapping of string values to Golang cipher suites, so
this is a more direct source of truth to help users understand which
string values are accepted in the `tls_cipher_suites` configuration
value.
This commit is contained in:
Devin Canterberry 2018-03-13 09:25:03 -07:00
parent 3ed071b4a6
commit 84d650cc4a
No known key found for this signature in database
GPG Key ID: 46A3228937AB74EC
1 changed files with 2 additions and 1 deletions

View File

@ -1341,7 +1341,8 @@ Consul will not enable TLS for the HTTP API unless the `https` port has been ass
* <a name="tls_cipher_suites"></a><a href="#tls_cipher_suites">`tls_cipher_suites`</a> Added in Consul * <a name="tls_cipher_suites"></a><a href="#tls_cipher_suites">`tls_cipher_suites`</a> Added in Consul
0.8.2, this specifies the list of supported ciphersuites as a comma-separated-list. The list of all 0.8.2, this specifies the list of supported ciphersuites as a comma-separated-list. The list of all
available ciphersuites is available in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go). supported ciphersuites is available in the [`tlsutil.ParseCiphers` source as the keys of the `cipherMap`
map](https://github.com/hashicorp/consul/blob/6378d607fd887327cfd1aadccf1ccb683da745b6/tlsutil/config.go#L363).
* <a name="tls_prefer_server_cipher_suites"></a><a href="#tls_prefer_server_cipher_suites"> * <a name="tls_prefer_server_cipher_suites"></a><a href="#tls_prefer_server_cipher_suites">
`tls_prefer_server_cipher_suites`</a> Added in Consul 0.8.2, this will cause Consul to prefer the `tls_prefer_server_cipher_suites`</a> Added in Consul 0.8.2, this will cause Consul to prefer the