rancher-docs/archived_docs/en/version-2.5/reference-guides/installation-references/tls-settings.md at 551d60f1937130adcb1ee4b1027e88fa94de89b8

mirror of https://github.com/rancher/rancher-docs.git synced 2026-04-14 18:35:37 +00:00

Files

Lucas Saintarbor 8c76072fd2 Archive v2.5 docs (#1634 )

* Update docusaurus.config.js/Remove v2.5 redirects and update v2.5 label and path

* Update version-2.5-sidebars.json with notice

* Remove v2.5 files/Add v2.5 files to archived_docs folder

* Fix broken link

* Fix broken link/typo

* Fix broken links

2025-02-18 14:08:09 -08:00

1.5 KiB

Raw Blame History

title

title
TLS Settings

Changing the default TLS settings depends on the chosen installation method.

Running Rancher in a highly available Kubernetes cluster

When you install Rancher inside of a Kubernetes cluster, TLS is offloaded at the cluster's ingress controller. The possible TLS settings depend on the used ingress controller:

nginx-ingress-controller (default for RKE1 and RKE2): Default TLS Version and Ciphers.
traefik (default for K3s): TLS Options.

Running Rancher in a single Docker container

The default TLS configuration only accepts TLS 1.2 and secure TLS cipher suites. You can change this by setting the following environment variables:

Parameter	Description	Default	Available options
`CATTLE_TLS_MIN_VERSION`	Minimum TLS version	`1.2`	`1.0`, `1.1`, `1.2`, `1.3`
`CATTLE_TLS_CIPHERS`	Allowed TLS cipher suites	`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305`	See Golang tls constants

1.5 KiB Raw Blame History

Running Rancher in a highly available Kubernetes cluster

Running Rancher in a single Docker container

1.5 KiB

Raw Blame History