default to tls 1.2 as promised. (#5340)

2019-03-04 15:42:04 +01:00 · 2019-03-04 15:42:04 +01:00 · 330b8aec69
parent 25a8ced090
commit 330b8aec69
2 changed files with 3 additions and 3 deletions
--- a/agent/config/default.go
+++ b/agent/config/default.go
@ -64,7 +64,7 @@ func DefaultSource() Source {
 		retry_interval_wan = "30s"
 		server = false
 		syslog_facility = "LOCAL0"
-		tls_min_version = "tls10"
+		tls_min_version = "tls12"

 		// TODO (slackpad) - Until #3744 is done, we need to keep these
 		// in sync with agent/consul/config.go.
--- a/website/source/docs/agent/options.html.md
+++ b/website/source/docs/agent/options.html.md
@ -1585,8 +1585,8 @@ default will automatically work with some tooling.

 * <a name="tls_min_version"></a><a href="#tls_min_version">`tls_min_version`</a> Added in Consul
  0.7.4, this specifies the minimum supported version of TLS. Accepted values are "tls10", "tls11"
-  or "tls12". This defaults to "tls10". WARNING: TLS 1.1 and lower are generally considered less
-  secure; avoid using these if possible. This will be changed to default to "tls12" in Consul 0.8.0.
+  or "tls12". This defaults to "tls12". WARNING: TLS 1.1 and lower are generally considered less
+  secure; avoid using these if possible.

 * <a name="tls_cipher_suites"></a><a href="#tls_cipher_suites">`tls_cipher_suites`</a> Added in Consul
  0.8.2, this specifies the list of supported ciphersuites as a comma-separated-list. The list of all