From bda170a872430bd10f732655896b00524729dc29 Mon Sep 17 00:00:00 2001 From: Jason Martin Date: Wed, 20 Jul 2016 15:53:35 -0700 Subject: [PATCH] Escape verify_server_hostname angle-brackets --- website/source/docs/agent/options.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/source/docs/agent/options.html.markdown b/website/source/docs/agent/options.html.markdown index 98bf37a4f..91e031e3d 100644 --- a/website/source/docs/agent/options.html.markdown +++ b/website/source/docs/agent/options.html.markdown @@ -782,7 +782,7 @@ Consul will not enable TLS for the HTTP API unless the `https` port has been ass * `verify_server_hostname` - If set to true, Consul verifies for all outgoing connections that the TLS certificate presented by the servers - matches "server.." hostname. This implies `verify_outgoing`. + matches "server.<datacenter>.<domain>" hostname. This implies `verify_outgoing`. By default, this is false, and Consul does not verify the hostname of the certificate, only that it is signed by a trusted CA. This setting is important to prevent a compromised client from being restarted as a server, and thus being able to perform a MITM attack