rob05c commented on a change in pull request #4933:
URL: https://github.com/apache/trafficcontrol/pull/4933#discussion_r466532935
##########
File path: docs/source/admin/traffic_ops.rst
##########
@@ -443,6 +443,20 @@ This file deals with the configuration parameters of
running Traffic Ops itself.
:disabled_routes: A list of API route IDs to disable. Requests
matching these routes will receive a 503 response. To find the route ID for a
given path you would like to disable, run ``./traffic_ops_golang`` using the
:option:`--api-routes` option to view all the route information, including
route IDs and paths.
:ignore_unknown_routes: If ``false`` (default) return an error
and prevent startup if unknown route IDs are found. Otherwise, log a warning
and continue startup.
+ :min_tls_version: An optional field to set the minimum TLS version.
Integer value between 769 to 772.
+
+ +---------+------------------+
+ | Setting | Value |
+ +=========+==================+
+ | 769 | TLS v1 (Default) |
+ +---------+------------------+
+ | 770 | TLS v1.1 |
+ +---------+------------------+
+ | 771 | TLS v1.2 |
+ +---------+------------------+
+ | 772 | TLS v1.3 |
Review comment:
Rather than adding `MinTLSVersion`, I think we should put the entire
`tls.Config` in the Config. We should do this for all Go apps. There are many
config settings in `tls.Config`, such as disabling H2, allows Ciphers, and
more.
If we keep adding individual options, every time we need something else,
it's a code change and a new version.
Whereas if we put `tls.Config` in the app config, it's just a config change
for users to add whatever they need with respect to TLS.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
