remove support for tls 1.1 and 1.0 (#16221)

pingcap · Feb 28, 2024 · 0ca50a6 · 0ca50a6
1 parent 596137d
commit 0ca50a6
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/enable-tls-between-clients-and-servers.md b/enable-tls-between-clients-and-servers.md
@@ -8,7 +8,7 @@ aliases: ['/docs/dev/enable-tls-between-clients-and-servers/','/docs/dev/how-to/
 
 By default, TiDB allows insecure connections between the server and clients. This enables third parties that monitor channel traffic to know and possibly modify the data sent and received between the server and the client, including query content and query results. If a channel is untrustworthy (such as if the client is connected to the TiDB server via a public network), an insecure connection is prone to information leakage. In this case, for security reasons, it is recommended to require a connection that is secured with TLS.
 
-The TiDB server supports secure connections based on the TLS (Transport Layer Security) protocol. The protocol is consistent with MySQL secure connections and is directly supported by existing MySQL clients such as MySQL Client, MySQL Shell and MySQL drivers. TLS is sometimes referred to as SSL (Secure Sockets Layer). Because the SSL protocol has [known security vulnerabilities](https://en.wikipedia.org/wiki/Transport_Layer_Security), TiDB does not support SSL. TiDB supports the following protocols: TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3.
+The TiDB server supports secure connections based on the TLS (Transport Layer Security) protocol. The protocol is consistent with MySQL secure connections and is directly supported by existing MySQL clients such as MySQL Client, MySQL Shell and MySQL drivers. TLS is sometimes referred to as SSL (Secure Sockets Layer). Because the SSL protocol has [known security vulnerabilities](https://en.wikipedia.org/wiki/Transport_Layer_Security), TiDB does not support SSL. TiDB supports the following protocols: TLSv1.2 and TLSv1.3.
 
 When a TLS secured connection is used, the connection has the following security properties:
 
@@ -138,8 +138,6 @@ The crypto policy for your operating system and the client library you are using
 
 ### Supported TLS versions
 
-- TLSv1.0 (disabled by default)
-- TLSv1.1 (disabled by default)
 - TLSv1.2
 - TLSv1.3
 

diff --git a/tidb-configuration-file.md b/tidb-configuration-file.md
@@ -419,7 +419,7 @@ Configuration items related to security.
 
 - Set the minimum TLS version for MySQL Protocol connections.
 - Default value: "", which allows TLSv1.2 or later versions. Before TiDB v7.6.0, the default value allows TLSv1.1 or later versions.
-- Optional values: `"TLSv1.0"`, `"TLSv1.1"`, `"TLSv1.2"` and `"TLSv1.3"`
+- Optional values: `"TLSv1.2"` and `"TLSv1.3"`. Before TiDB v8.0.0, `"TLSv1.0"` and `"TLSv1.1"` are also allowed.
 
 ### `auth-token-jwks` <span class="version-mark">New in v6.4.0</span>