From d35824b1faaa6557b182dbbdcf94dcc9a41aaa44 Mon Sep 17 00:00:00 2001
From: Hans Hasselberg <me@hans.io>
Date: Mon, 4 Mar 2019 15:42:04 +0100
Subject: [PATCH] default to tls 1.2 as promised. (#5340)

---
 agent/config/default.go                   | 2 +-
 website/source/docs/agent/options.html.md | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/agent/config/default.go b/agent/config/default.go
index f81385a58e..0d6fe3ff69 100644
--- a/agent/config/default.go
+++ b/agent/config/default.go
@@ -64,7 +64,7 @@ func DefaultSource() Source {
 		retry_interval_wan = "30s"
 		server = false
 		syslog_facility = "LOCAL0"
-		tls_min_version = "tls10"
+		tls_min_version = "tls12"
 
 		// TODO (slackpad) - Until #3744 is done, we need to keep these
 		// in sync with agent/consul/config.go.
diff --git a/website/source/docs/agent/options.html.md b/website/source/docs/agent/options.html.md
index 21a2fc807b..53ae2a5f72 100644
--- a/website/source/docs/agent/options.html.md
+++ b/website/source/docs/agent/options.html.md
@@ -1585,8 +1585,8 @@ default will automatically work with some tooling.
 
 * <a name="tls_min_version"></a><a href="#tls_min_version">`tls_min_version`</a> Added in Consul
   0.7.4, this specifies the minimum supported version of TLS. Accepted values are "tls10", "tls11"
-  or "tls12". This defaults to "tls10". WARNING: TLS 1.1 and lower are generally considered less
-  secure; avoid using these if possible. This will be changed to default to "tls12" in Consul 0.8.0.
+  or "tls12". This defaults to "tls12". WARNING: TLS 1.1 and lower are generally considered less
+  secure; avoid using these if possible.
 
 * <a name="tls_cipher_suites"></a><a href="#tls_cipher_suites">`tls_cipher_suites`</a> Added in Consul
   0.8.2, this specifies the list of supported ciphersuites as a comma-separated-list. The list of all