status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-01-22 03:29:43 +00:00
Code Issues Projects Releases Wiki Activity

Update docs for tls_cipher_suites (#11070)

Browse Source
This commit is contained in:
Chris S. Kim 2021-10-21 16:41:51 -04:00 committed by GitHub
parent 0954d261ae
commit c0991f479f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
website/content/docs/agent/options.mdx
View File

@ -2252,13 +2252,19 @@ signed by the CA can be used to gain full access to Consul.
considered less secure; avoid using these if possible.
- `tls_cipher_suites` Added in Consul 0.8.2, this specifies the list of
supported ciphersuites as a comma-separated-list. The list of all supported
ciphersuites is available through
supported ciphersuites as a comma-separated-list. Applicable to TLS 1.2 and below only.
The list of all supported ciphersuites is available through
[this search](https://github.com/hashicorp/consul/search?q=cipherMap+%3A%3D+map&unscoped_q=cipherMap+%3A%3D+map).
~> **Note:** The ordering of cipher suites will not be guaranteed from Consul 1.11 onwards. See this
[post](https://go.dev/blog/tls-cipher-suites) for details.
- `tls_prefer_server_cipher_suites` Added in Consul 0.8.2, this
will cause Consul to prefer the server's ciphersuite over the client ciphersuites.
~> **Note:** This config will be deprecated in Consul 1.11. See this
[post](https://go.dev/blog/tls-cipher-suites) for details.
- `verify_incoming` - If set to true, Consul
requires that all incoming connections make use of TLS and that the client
provides a certificate signed by a Certificate Authority from the