From 1906a7311becb5f094fac88c2cf1ce4187597bff Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Mon, 22 Feb 2021 15:44:40 -0500 Subject: [PATCH] Fix some documentation that was not correct TLS listener docs were pulled from Vault but we don't actually have SIGHUP enabled yet. --- .../docs/configuration/listener/tcp.mdx | 21 +++++++------------ 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/website/content/docs/configuration/listener/tcp.mdx b/website/content/docs/configuration/listener/tcp.mdx index 8a27c6631f..f46665712c 100644 --- a/website/content/docs/configuration/listener/tcp.mdx +++ b/website/content/docs/configuration/listener/tcp.mdx @@ -25,7 +25,7 @@ allowed. ## `tcp` Listener Parameters - `purpose` `(string: "")` - Specifies the purpose. Can be `api`, `cluster`, or -`proxy`. + `proxy`. - `address` `(string: "127.0.0.1:9200")` – Specifies the address to bind to for listening. 
@@ -63,30 +63,25 @@ allowed. assumes TLS by default, so you must explicitly disable TLS to opt-in to insecure communication. -- `tls_cert_file` `(string: , reloads-on-SIGHUP)` – +- `tls_cert_file` `(string: ` – Specifies the path to the certificate for TLS. To configure the listener to use a CA certificate, concatenate the primary certificate and the CA certificate together. The primary certificate should appear first in the - combined file. On `SIGHUP`, the path set here _at Boundary startup_ will be used - for reloading the certificate; modifying this value while Boundary is running - will have no effect for `SIGHUP`s. + combined file. -- `tls_key_file` `(string: , reloads-on-SIGHUP)` – +- `tls_key_file` `(string: ` – Specifies the path to the private key for the certificate. If the key file is encrypted, you will be prompted to enter the passphrase on server startup. - The passphrase must stay the same between key files when reloading your - configuration using `SIGHUP`. On `SIGHUP`, the path set here _at Boundary - startup_ will be used for reloading the certificate; modifying this value - while Boundary is running will have no effect for `SIGHUP`s. - `tls_min_version` `(string: "tls12")` – Specifies the minimum supported version of TLS. Accepted values are "tls10", "tls11", "tls12" or "tls13". ~> **Warning**: TLS 1.1 and lower are generally considered insecure. -- `tls_cipher_suites` `(string: "")` – Specifies the list of supported - ciphersuites as a comma-separated-list. The list of all available ciphersuites - is available in the [Golang TLS documentation][golang-tls]. +- `tls_cipher_suites` `(string: "")` – Override the default list of supported + ciphersuites (which varies by TLS version) with the the specified + comma-delimited list. The list of all available ciphersuites is available in + the [Golang TLS documentation][golang-tls]. 
- `tls_prefer_server_cipher_suites` `(string: "false")` – Specifies to prefer the server's ciphersuite over the client ciphersuites.
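Review bot: In the second hunk, the new `tls_cert_file` and `tls_key_file` lines both read `(string: ` with no closing parenthesis, so the type annotation is left unbalanced once `, reloads-on-SIGHUP)` is dropped. Keep the closing `)` when removing the reload marker so these entries match the other parameters, such as `(string: "tls12")`. In the same hunk, the rewritten `tls_cipher_suites` text has a doubled word in "with the the specified"; drop one "the". Removing the `SIGHUP` reload sentences is consistent with the commit message, and the remaining sentence about being prompted for the passphrase on server startup still reads correctly on its own.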