From 0855561db08635eda313fb4bca423519f1f64efb Mon Sep 17 00:00:00 2001 From: James Bardin Date: Wed, 18 May 2022 13:05:36 -0400 Subject: [PATCH] group obsolete TLS features in upgrade guide --- website/docs/language/upgrade-guides/1-2.mdx | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/website/docs/language/upgrade-guides/1-2.mdx b/website/docs/language/upgrade-guides/1-2.mdx index df2624870b..da0dbd0f1b 100644 --- a/website/docs/language/upgrade-guides/1-2.mdx +++ b/website/docs/language/upgrade-guides/1-2.mdx @@ -15,7 +15,7 @@ small number of users. Specifically, the following updates may require additiona * [terraform-credentials-env functionality is built into the Terraform CLI](#the-terraform-credentials-env-functionality-is-built-into-the-terraform-cli) * [Terraform requires Linux kernel 2.6.32 or later](#terraform-requires-linux-kernel-2-6-32-or-later) * [Remote servers must support TLSv1.2](#remote-servers-must-support-tlsv1-2) -* [TLS Certificates signed with SHA-1 are no longer supported](#tls-certificates-signed-with-sha-1-are-no-longer-supported) +* [Obsolete TLS features are no longer supported](#obsolete-tls-features-are-no-longer-supported) ## The `terraform-credentials-env` Functionality is Built Into the Terraform CLI 
@@ -32,13 +32,15 @@ The Terraform runtime no longer supports Linux kernels prior to require distributions using kernel 2.6.32 or later. The CLI behavior on earlier kernel versions is undefined. -## Remote Servers Must Support TLSv1.2 +## Obsolete TLS Features Are No Longer Supported Terraform now requires the server to support TLS v1.2 when making outgoing HTTPS or other TLS connections as a client. TLS v1.0 and v1.1 are no longer supported. All up-to-date servers should support TLS 1.2, and mainstream web browsers have required it since 2020. -## TLS Certificates Signed With SHA-1 Are No Longer Supported - Terraform will no longer accept CA certificates signed using the SHA-1 hash function when making outgoing HTTPS or other TLS connections as a client. Publicly-trusted Certificate Authorities have not issued SHA-1 certificates since 2015. +This change only affects requests made by Terraform Core itself, which includes +provider installation, module installation, and interactions with your +configured backend. Terraform provider plugins are separate programs which have +their own rules about which TLS versions are supported.
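Review bot: In the first hunk (the list of updates at the top of 1-2.mdx), the unchanged bullet `* [Remote servers must support TLSv1.2](#remote-servers-must-support-tlsv1-2)` is left in place, but the second hunk removes the `## Remote Servers Must Support TLSv1.2` heading that its anchor pointed to, so the list now carries two TLS entries and one of them links to a section that no longer exists. The new `Obsolete TLS features are no longer supported` entry already covers the merged section, so drop the TLSv1.2 bullet or repoint it at `#obsolete-tls-features-are-no-longer-supported`.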
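Review bot: In the second hunk, the added paragraph opens with "This change only affects requests made by Terraform Core itself", but the merged section now describes two changes (the TLS v1.2 minimum and the rejection of SHA-1 signed CA certificates), so it is unclear which one the paragraph scopes. Its closing clause also speaks only of "which TLS versions are supported". If the scope applies to both, suggest "These changes only affect ..." and wording the last sentence to cover certificate signature handling as well as TLS versions. Separately, both old headings are removed here, so existing links to `#remote-servers-must-support-tlsv1-2` or `#tls-certificates-signed-with-sha-1-are-no-longer-supported` will stop resolving; worth checking for inbound references before merging.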