Included in redis.conf explicit explanation of tls-protocol defaults (#8193)

author: filipe oliveira <filipecosta.90@gmail.com> 2020-12-15 20:03:05 +0000
committer: GitHub <noreply@github.com> 2020-12-15 22:03:05 +0200
commit: 1f42bd70572c8e85fa431a66952c7b79eb182a87 (patch)
tree: 99562f227bc07ca12b83ad919edf0667046a2d16 /redis.conf
parent: 7993780dda22df01cebba42d16f805213d66e194 (diff)
download: redis-1f42bd70572c8e85fa431a66952c7b79eb182a87.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/redis.conf b/redis.conf
index 849f171bc..af4b4be1f 100644
--- a/redis.conf
+++ b/redis.conf
@@ -196,9 +196,12 @@ tcp-keepalive 300
 #
 # tls-cluster yes
 
-# Explicitly specify TLS versions to support. Allowed values are case insensitive
-# and include "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" (OpenSSL >= 1.1.1) or
-# any combination. To enable only TLSv1.2 and TLSv1.3, use:
+# By default, only TLSv1.2 and TLSv1.3 are enabled and it is highly recommended
+# that older formally deprecated versions are kept disabled to reduce the attack surface.
+# You can explicitly specify TLS versions to support.
+# Allowed values are case insensitive and include "TLSv1", "TLSv1.1", "TLSv1.2",
+# "TLSv1.3" (OpenSSL >= 1.1.1) or any combination.
+# To enable only TLSv1.2 and TLSv1.3, use:
 #
 # tls-protocols "TLSv1.2 TLSv1.3"
author	filipe oliveira <filipecosta.90@gmail.com>	2020-12-15 20:03:05 +0000
committer	GitHub <noreply@github.com>	2020-12-15 22:03:05 +0200
commit	1f42bd70572c8e85fa431a66952c7b79eb182a87 (patch)
tree	99562f227bc07ca12b83ad919edf0667046a2d16 /redis.conf
parent	7993780dda22df01cebba42d16f805213d66e194 (diff)
download	redis-1f42bd70572c8e85fa431a66952c7b79eb182a87.tar.gz