24 lines
1.1 KiB
Text
24 lines
1.1 KiB
Text
|
## Set to true/false to enforce TLS being enabled/disabled. If not set,
|
||
|
|
## enable TLS only if any of the other options are specified.
|
||
|
|
# tls_enable =
|
||
|
|
## Trusted root certificates for server
|
||
|
|
# tls_ca = "/path/to/cafile"
|
||
|
|
## Used for TLS client certificate authentication
|
||
|
|
# tls_cert = "/path/to/certfile"
|
||
|
|
## Used for TLS client certificate authentication
|
||
|
|
# tls_key = "/path/to/keyfile"
|
||
|
|
## Password for the key file if it is encrypted
|
||
|
|
# tls_key_pwd = ""
|
||
|
|
## Send the specified TLS server name via SNI
|
||
|
|
# tls_server_name = "kubernetes.example.com"
|
||
|
|
## Minimal TLS version to accept by the client
|
||
|
|
# tls_min_version = "TLS12"
|
||
|
|
## List of ciphers to accept, by default all secure ciphers will be accepted
|
||
|
|
## See https://pkg.go.dev/crypto/tls#pkg-constants for supported values.
|
||
|
|
## Use "all", "secure" and "insecure" to add all support ciphers, secure
|
||
|
|
## suites or insecure suites respectively.
|
||
|
|
# tls_cipher_suites = ["secure"]
|
||
|
|
## Renegotiation method, "never", "once" or "freely"
|
||
|
|
# tls_renegotiation_method = "never"
|
||
|
|
## Use TLS but skip chain & host verification
|
||
|
|
# insecure_skip_verify = false
|