From 94406d19179b7e5ba615fd4f10de06b9b620cfb5 Mon Sep 17 00:00:00 2001 From: "Malte S. Stretz" Date: Wed, 1 Mar 2023 15:45:04 +0100 Subject: [PATCH] Add documentation for tls_max_version (#19398) --- website/content/docs/configuration/listener/tcp.mdx | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/website/content/docs/configuration/listener/tcp.mdx b/website/content/docs/configuration/listener/tcp.mdx index 9627219673d8..db2639c35764 100644 --- a/website/content/docs/configuration/listener/tcp.mdx +++ b/website/content/docs/configuration/listener/tcp.mdx @@ -133,6 +133,13 @@ default value in the `"/sys/config/ui"` [API endpoint](/vault/api-docs/system/co `tls_min_version` and `tls_max_version` parameters) are widely considered insecure. +- `tls_max_version` `(string: "tls13")` – Specifies the maximum supported + version of TLS. Accepted values are "tls10", "tls11", "tls12" or "tls13". + +~> **Warning**: TLS 1.1 and lower (`tls10` and `tls11` values for the + `tls_min_version` and `tls_max_version` parameters) are widely considered + insecure. + - `tls_cipher_suites` `(string: "")` – Specifies the list of supported ciphersuites as a comma-separated-list. The list of all available ciphersuites is available in the [Golang TLS documentation][golang-tls].