Open NodyHub opened 2 years ago
As we from the product security team recommend in vault (#26, #43, #53), it would also be recommended to configure these parameter on the consul site.
Even is this configuration gets somewhen outdated from go version 1.17, it might take a while to migrate consul up from version 1.13.
It may be useful to consider using the
tls_prefer_server_cipher_suites
configuration option in the Helm-Chart. The default configures the Consul server to pick the client's preferred cipher suite instead of enforcing the server's preferred cipher suite.