scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-02 11:38:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

enabling TLS 1.3 support for TCP listeners (#8305)

Browse Source 
* adding support for TLS 1.3 for TCP listeners

* removed test as CI uses go 1.12

* removed Cassandra support, added deprecation notice

* re-added TestTCPListener_tls13
This commit is contained in:
Gerardo Di Giacomo
2020-02-15 11:40:18 -08:00
committed by GitHub
parent d27374e5ca
commit 0e8c6c2171
13 changed files with 104 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
website/pages/docs/configuration/listener/tcp.mdx
View File

@@ -99,7 +99,7 @@ advertise the correct address to other nodes.
while Vault is running will have no effect for `SIGHUP`s.
- `tls_min_version` `(string: "tls12")` Specifies the minimum supported
version of TLS. Accepted values are "tls10", "tls11" or "tls12".
version of TLS. Accepted values are "tls10", "tls11", "tls12" or "tls13".
~> **Warning**: TLS 1.1 and lower are generally considered insecure.

2
website/pages/docs/configuration/service-registration/consul.mdx
View File

@@ -103,7 +103,7 @@ connection. You can read more about encrypting Consul connections on the
in Consul.
- `tls_min_version` `(string: "tls12")` Specifies the minimum TLS version to
use. Accepted values are `"tls10"`, `"tls11"` or `"tls12"`.
use. Accepted values are `"tls10"`, `"tls11"`, `"tls12"` or `"tls13"`.
- `tls_skip_verify` `(string: "false")` Disable verification of TLS certificates.
Using this option is highly discouraged.

2
website/pages/docs/configuration/storage/cassandra.mdx
View File

@@ -88,7 +88,7 @@ CREATE TABLE "vault"."entries" (
will be disabled for Cassandra. Defaults to `0`.
- `tls_min_version` `(string: "tls12")` - Minimum TLS version to use. Accepted
values are `tls10`, `tls11` or `tls12`. Defaults to `tls12`.
values are `tls10`, `tls11`, `tls12` or `tls13`. Defaults to `tls12`.
[cassandra]: http://cassandra.apache.org/
[replication-options]: https://docs.datastax.com/en/cassandra/2.1/cassandra/architecture/architectureDataDistributeReplication_c.html

2
website/pages/docs/configuration/storage/consul.mdx
View File

@@ -133,7 +133,7 @@ connection. You can read more about encrypting Consul connections on the
in Consul.
- `tls_min_version` `(string: "tls12")` Specifies the minimum TLS version to
use. Accepted values are `"tls10"`, `"tls11"` or `"tls12"`.
use. Accepted values are `"tls10"`, `"tls11"`, `"tls12"` or `"tls13"`.
- `tls_skip_verify` `(string: "false")` Disable verification of TLS certificates.
Using this option is highly discouraged.

2
website/pages/docs/configuration/storage/zookeeper.mdx
View File

@@ -78,7 +78,7 @@ znodes and, potentially, take Vault out of service.
Zookeeper communication.
- `tls_min_version` `(string: "tls12")` Specifies the minimum TLS version to
use. Accepted values are `"tls10"`, `"tls11"` or `"tls12"`.
use. Accepted values are `"tls10"`, `"tls11"`, `"tls12"` or `"tls13"`.
- `tls_skip_verify` `(bool: false)` Disable verification of TLS certificates.
Using this option is highly discouraged.