keda-docs icon indicating copy to clipboard operation
keda-docs copied to clipboard

Published 20 hours ago verified publisher icon kedacore

Incorrect documentation regarding minimum version of TLS used

Open asobti opened this issue 6 months ago • 0 comments

https://keda.sh/docs/2.15/operate/cluster/#http-tls-min-version states that

By default, KEDA uses TLS1.2 as a minimum TLS version given it is the lowest version without vulnerabilities

whereas, https://keda.sh/docs/2.15/reference/faq/#how-do-i-run-keda-with-tls-v1.3-only states that

By default, Keda listens on TLS v1.1 and TLSv1.2, with the default Golang ciphersuites.

As per the code, the former (minimum TLS v1.2) is correct https://github.com/kedacore/keda/blob/09a4951478746ba0d95521b786439e58aeda179b/pkg/util/tls_config.go#L91-L110

Expected Behavior

Documentation should correctly state that a minimum version of TLSv1.2 is used

Actual Behavior

Documentation states that TLSv1.1 and v1.2 are used

asobti avatar Aug 15 '24 15:08 asobti