remove support for tls 1.1 and 1.0

Signed-off-by: Yang Keao <[email protected]>
pingcap · Feb 27, 2024 · 19afbfc · 19afbfc
1 parent a4521f7
commit 19afbfc
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/enable-tls-between-clients-and-servers.md b/enable-tls-between-clients-and-servers.md
@@ -8,7 +8,7 @@ aliases: ['/docs/dev/enable-tls-between-clients-and-servers/','/docs/dev/how-to/
 
 Non-encrypted connection between TiDB's server and clients is allowed by default, which enables third parties that monitor channel traffic to know the data sent and received between the server and the client, including query content and query results. If a channel is untrustworthy (such as if the client is connected to the TiDB server via a public network), then a non-encrypted connection is prone to information leakage. In this case, for security reasons, it is recommended to require an encrypted connection.
 
-The TiDB server supports the encrypted connection based on the TLS (Transport Layer Security). The protocol is consistent with MySQL encrypted connections and is directly supported by existing MySQL clients such as MySQL Client, MySQL Shell and MySQL drivers. TLS is sometimes referred to as SSL (Secure Sockets Layer). Because the SSL protocol has [known security vulnerabilities](https://en.wikipedia.org/wiki/Transport_Layer_Security), TiDB does not support SSL. TiDB supports the following protocols: TLSv1.0, TLSv1.1, TLSv1.2 and TLSv1.3.
+The TiDB server supports the encrypted connection based on the TLS (Transport Layer Security). The protocol is consistent with MySQL encrypted connections and is directly supported by existing MySQL clients such as MySQL Client, MySQL Shell and MySQL drivers. TLS is sometimes referred to as SSL (Secure Sockets Layer). Because the SSL protocol has [known security vulnerabilities](https://en.wikipedia.org/wiki/Transport_Layer_Security), TiDB does not support SSL. TiDB supports the following protocols: TLSv1.2 and TLSv1.3.
 
 When an encrypted connection is used, the connection has the following security properties:
 
@@ -131,8 +131,6 @@ The crypto policy for your operating system and the client library you are using
 
 ### Supported TLS versions
 
-- TLSv1.0 (disabled by default)
-- TLSv1.1 (disabled by default)
 - TLSv1.2
 - TLSv1.3
 

diff --git a/tidb-configuration-file.md b/tidb-configuration-file.md
@@ -415,7 +415,7 @@ Configuration items related to security.
 
 - Set the minimum TLS version for MySQL Protocol connections.
 - Default value: "", which allows TLSv1.2 or higher. Before TiDB v7.6.0, the default value allows TLSv1.1 or higher.
-- Optional values: `"TLSv1.0"`, `"TLSv1.1"`, `"TLSv1.2"` and `"TLSv1.3"`
+- Optional values: `"TLSv1.2"` and `"TLSv1.3"`. Before TiDB v8.0.0, `"TLSv1.0"` and `"TLSv1.1"` are also allowed.
 
 ### `auth-token-jwks` <span class="version-mark">New in v6.4.0</span>