diff options
author | filipe oliveira <filipecosta.90@gmail.com> | 2020-12-15 20:03:05 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-15 22:03:05 +0200 |
commit | 1f42bd70572c8e85fa431a66952c7b79eb182a87 (patch) | |
tree | 99562f227bc07ca12b83ad919edf0667046a2d16 /redis.conf | |
parent | 7993780dda22df01cebba42d16f805213d66e194 (diff) | |
download | redis-1f42bd70572c8e85fa431a66952c7b79eb182a87.tar.gz |
Included in redis.conf explicit explanation of tls-protocol defaults (#8193)
Diffstat (limited to 'redis.conf')
-rw-r--r-- | redis.conf | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/redis.conf b/redis.conf index 849f171bc..af4b4be1f 100644 --- a/redis.conf +++ b/redis.conf @@ -196,9 +196,12 @@ tcp-keepalive 300 # # tls-cluster yes -# Explicitly specify TLS versions to support. Allowed values are case insensitive -# and include "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" (OpenSSL >= 1.1.1) or -# any combination. To enable only TLSv1.2 and TLSv1.3, use: +# By default, only TLSv1.2 and TLSv1.3 are enabled and it is highly recommended +# that older formally deprecated versions are kept disabled to reduce the attack surface. +# You can explicitly specify TLS versions to support. +# Allowed values are case insensitive and include "TLSv1", "TLSv1.1", "TLSv1.2", +# "TLSv1.3" (OpenSSL >= 1.1.1) or any combination. +# To enable only TLSv1.2 and TLSv1.3, use: # # tls-protocols "TLSv1.2 TLSv1.3" |