zrhoffman commented on a change in pull request #4933:
URL: https://github.com/apache/trafficcontrol/pull/4933#discussion_r466521317
##########
File path: docs/source/admin/traffic_ops.rst
##########
@@ -443,6 +443,20 @@ This file deals with the configuration parameters of
running Traffic Ops itself.
:disabled_routes: A list of API route IDs to disable. Requests
matching these routes will receive a 503 response. To find the route ID for a
given path you would like to disable, run ``./traffic_ops_golang`` using the
:option:`--api-routes` option to view all the route information, including
route IDs and paths.
:ignore_unknown_routes: If ``false`` (default) return an error
and prevent startup if unknown route IDs are found. Otherwise, log a warning
and continue startup.
+ :min_tls_version: An optional field to set the minimum TLS version.
Integer value between 769 to 772.
+
+ +---------+------------------+
+ | Setting | Value |
+ +=========+==================+
+ | 769 | TLS v1 (Default) |
+ +---------+------------------+
+ | 770 | TLS v1.1 |
+ +---------+------------------+
+ | 771 | TLS v1.2 |
+ +---------+------------------+
+ | 772 | TLS v1.3 |
Review comment:
We should be accepting TLS version strings like `"1.3"`, `"1.2"`, etc.
and translate that string to a valid `int` ourselves when reading the config.
This is for `cdn.conf`, but for `riak.conf`, we already agreed to use version
strings like that. See @rawlinp's
[comment](https://github.com/apache/trafficcontrol/pull/4573#discussion_r400346222)
in #4573:
> 769, 770, etc are not very intuitive -- would it be better to use a string
or float that we translate into `tls.VersionTLS11` from the `tls` package in
the stdlib?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
