|
|
|
|
@ -231,7 +231,7 @@ The options below are all specified on the command-line.
|
|
|
|
|
Like [`enable_script_checks`](#_enable_script_checks), but only enable them when |
|
|
|
|
they are defined in the local configuration files. Script checks defined in HTTP |
|
|
|
|
API registrations will still not be allowed. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- `-encrypt` ((#\_encrypt)) - Specifies the secret key to use for encryption |
|
|
|
|
of Consul network traffic. This key must be 32-bytes that are Base64-encoded. The |
|
|
|
|
@ -2261,9 +2261,11 @@ signed by the CA can be used to gain full access to Consul.
|
|
|
|
|
the hostname we declare. |
|
|
|
|
|
|
|
|
|
- `tls_min_version` Added in Consul 0.7.4, this specifies |
|
|
|
|
the minimum supported version of TLS. Accepted values are "tls10", "tls11", "tls12", |
|
|
|
|
or "tls13". This defaults to "tls12". WARNING: TLS 1.1 and lower are generally |
|
|
|
|
considered less secure; avoid using these if possible. |
|
|
|
|
the minimum supported version of TLS. Accepted values as of Consul 1.11.0 are "TLSv1_0", |
|
|
|
|
"TLSv1_1", "TLSv1_2", or "TLSv1_3". This defaults to "TLSv1_2". WARNING: TLS 1.1 and |
|
|
|
|
lower are generally considered less secure; avoid using these if possible. |
|
|
|
|
Deprecated values of "tls10", "tls11", "tls12" and "tls13" are currently still accepted |
|
|
|
|
but will emit a warning during configuration and will be removed in a future release. |
|
|
|
|
|
|
|
|
|
- `tls_cipher_suites` Added in Consul 0.8.2, this specifies the list of |
|
|
|
|
supported ciphersuites as a comma-separated-list. Applicable to TLS 1.2 and below only. |
|
|
|
|
|
Mike Morris
3 years ago