From 069a6f5de5667260497eedbec1c42940af075f8b Mon Sep 17 00:00:00 2001 From: Juerg Ritter Date: Wed, 27 Jan 2021 22:32:49 +0100 Subject: [PATCH] fix min max TLS version configuration --- modules/ossm-security-mtls.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/ossm-security-mtls.adoc b/modules/ossm-security-mtls.adoc index b68fd648bef7..003729ee1e96 100644 --- a/modules/ossm-security-mtls.adoc +++ b/modules/ossm-security-mtls.adoc @@ -87,16 +87,16 @@ spec: [id="ossm-security-min-max-tls_{context}"] == Setting the minimum and maximum protocol versions -If your environment has specific requirements for encrypted traffic in your service mesh, you can control the cryptographic functions that are allowed by setting the `spec.istio.global.tls.minProtocolVersion` or `spec.istio.global.tls.maxProtocolVersion` in your `ServiceMeshControlPlane` resource. Those values, configured in your control plane resource, define the minimum and maximum TLS version used by mesh components when communicating securely over TLS. +If your environment has specific requirements for encrypted traffic in your service mesh, you can control the cryptographic functions that are allowed by setting the `spec.security.controlPlane.tls.minProtocolVersion` or `spec.security.controlPlane.tls.maxProtocolVersion` in your `ServiceMeshControlPlane` resource. Those values, configured in your control plane resource, define the minimum and maximum TLS version used by mesh components when communicating securely over TLS. [source,yaml] ---- kind: ServiceMeshControlPlane spec: - istio: - global: + security: + controlPlane: tls: - minProtocolVersion: TLSv1_0 + minProtocolVersion: TLSv1_2 ---- The default is `TLS_AUTO` and does not specify a version of TLS.