Skip to content

Commit

Permalink
docs: update config comments about tls default values (#15213)
Browse files Browse the repository at this point in the history 
* docs: update config comments about tls default values

fix default tls protocols

* Apply suggestions from code review

Co-authored-by: Andrew Wilkins <[email protected]>

* Update apm-server.yml

---------

Co-authored-by: Andrew Wilkins <[email protected]>
  • Loading branch information
@kruskall @axw
kruskall and axw authored Jan 13, 2025
1 parent a5447ff commit 89d45e4
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 34 deletions.
34 changes: 17 additions & 17 deletions apm-server.docker.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,8 +112,8 @@ apm-server:
# It is recommended to use the provided keystore instead of entering the passphrase in plain text.
#key_passphrase: ''

# List of supported/valid protocol versions. By default TLS versions 1.1 up to 1.3 are enabled.
#supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3]
# List of supported/valid protocol versions. By default TLS versions 1.2 up to 1.3 are enabled.
#supported_protocols: [TLSv1.2, TLSv1.3]

# Configure cipher suites to be used for SSL connections.
# Note that cipher suites are not configurable for TLS 1.3.
Expand Down Expand Up @@ -261,9 +261,9 @@ apm-server:
# production environments is strongly discouraged.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# List of supported/valid TLS versions. By default all TLS versions 1.2 up to
# 1.3 are enabled.
#ssl.supported_protocols: [TLSv1.2, TLSv1.3]

# List of root certificates for HTTPS server verifications.
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Expand Down Expand Up @@ -397,9 +397,9 @@ output.elasticsearch:
# production environments is strongly discouraged.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# List of supported/valid TLS versions. By default all TLS versions 1.2 up to
# 1.3 are enabled.
#ssl.supported_protocols: [TLSv1.2, TLSv1.3]

# List of root certificates for HTTPS server verifications.
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Expand Down Expand Up @@ -517,9 +517,9 @@ output.elasticsearch:
# production environments is strongly discouraged.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# List of supported/valid TLS versions. By default all TLS versions 1.2 up to
# 1.3 are enabled.
#ssl.supported_protocols: [TLSv1.2, TLSv1.3]

# List of root certificates for HTTPS server verifications.
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Expand Down Expand Up @@ -676,9 +676,9 @@ output.elasticsearch:
# production environments is strongly discouraged.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# List of supported/valid TLS versions. By default all TLS versions 1.2 up to
# 1.3 are enabled.
#ssl.supported_protocols: [TLSv1.2, TLSv1.3]

# List of root certificates for HTTPS server verifications.
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Expand Down Expand Up @@ -924,9 +924,9 @@ output.elasticsearch:
# production environments is strongly discouraged.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# List of supported/valid TLS versions. By default all TLS versions 1.2 up to
# 1.3 are enabled.
#ssl.supported_protocols: [TLSv1.2, TLSv1.3]

# List of root certificates for HTTPS server verifications.
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Expand Down
34 changes: 17 additions & 17 deletions apm-server.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,8 +112,8 @@ apm-server:
# It is recommended to use the provided keystore instead of entering the passphrase in plain text.
#key_passphrase: ''

# List of supported/valid protocol versions. By default TLS versions 1.1 up to 1.3 are enabled.
#supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3]
# List of supported/valid protocol versions. By default TLS versions 1.2 up to 1.3 are enabled.
#supported_protocols: [TLSv1.2, TLSv1.3]

# Configure cipher suites to be used for SSL connections.
# Note that cipher suites are not configurable for TLS 1.3.
Expand Down Expand Up @@ -261,9 +261,9 @@ apm-server:
# production environments is strongly discouraged.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# List of supported/valid TLS versions. By default all TLS versions 1.2 up to
# 1.3 are enabled.
#ssl.supported_protocols: [TLSv1.2, TLSv1.3]

# List of root certificates for HTTPS server verifications.
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Expand Down Expand Up @@ -397,9 +397,9 @@ output.elasticsearch:
# production environments is strongly discouraged.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# List of supported/valid TLS versions. By default all TLS versions 1.2 up to
# 1.3 are enabled.
#ssl.supported_protocols: [TLSv1.2, TLSv1.3]

# List of root certificates for HTTPS server verifications.
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Expand Down Expand Up @@ -517,9 +517,9 @@ output.elasticsearch:
# production environments is strongly discouraged.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# List of supported/valid TLS versions. By default all TLS versions 1.2 up to
# 1.3 are enabled.
#ssl.supported_protocols: [TLSv1.2, TLSv1.3]

# List of root certificates for HTTPS server verifications.
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Expand Down Expand Up @@ -676,9 +676,9 @@ output.elasticsearch:
# production environments is strongly discouraged.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# List of supported/valid TLS versions. By default all TLS versions 1.2 up to
# 1.3 are enabled.
#ssl.supported_protocols: [TLSv1.2, TLSv1.3]

# List of root certificates for HTTPS server verifications.
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Expand Down Expand Up @@ -924,9 +924,9 @@ output.elasticsearch:
# production environments is strongly discouraged.
#ssl.verification_mode: full

# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# List of supported/valid TLS versions. By default all TLS versions 1.2 up to
# 1.3 are enabled.
#ssl.supported_protocols: [TLSv1.2, TLSv1.3]

# List of root certificates for HTTPS server verifications.
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Expand Down

0 comments on commit 89d45e4

Please sign in to comment.