From 89282f3e18724dfaf6710466f125bef129c754de Mon Sep 17 00:00:00 2001
From: James Blair
Date: Tue, 28 Mar 2023 08:09:28 +1300
Subject: [PATCH] Document defining ciphers in example etcd config file.
Signed-off-by: James Blair
---
 etcd.conf.yml.sample | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/etcd.conf.yml.sample b/etcd.conf.yml.sample
index 38d74bcb7935..d2077c202ab0 100644
--- a/etcd.conf.yml.sample
+++ b/etcd.conf.yml.sample
@@ -138,3 +138,11 @@ force-new-cluster: false
 auto-compaction-mode: periodic
 auto-compaction-retention: "1"
+
+# Limit etcd to a specific set of tls cipher suites
+cipher-suites: [
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+]
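Review bot: The added `cipher-suites` example lists two CBC-mode suites (`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`) next to the GCM ones, and a sample file tends to be copied verbatim into real deployments. CBC suites in TLS 1.2 carry the padding-oracle class of weaknesses that AEAD suites avoid, so the example would be safer as `cipher-suites: [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]`. It is also worth confirming that every name is one Go's crypto/tls actually defines; I do not believe `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384` is, in which case etcd would likely reject the config at startup. The comment line could additionally say that the list is RSA-only (a server with an ECDSA certificate would need the `ECDHE_ECDSA` equivalents) and, as far as I know, has no effect on TLS 1.3 negotiation.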