group obsolete TLS features in upgrade guide

This commit is contained in:
James Bardin 2022-05-18 13:05:36 -04:00
parent 6e70577a87
commit 0855561db0

View File

@ -15,7 +15,7 @@ small number of users. Specifically, the following updates may require additiona
* [terraform-credentials-env functionality is built into the Terraform CLI](#the-terraform-credentials-env-functionality-is-built-into-the-terraform-cli)
* [Terraform requires Linux kernel 2.6.32 or later](#terraform-requires-linux-kernel-2-6-32-or-later)
* [Remote servers must support TLSv1.2](#remote-servers-must-support-tlsv1-2)
* [TLS Certificates signed with SHA-1 are no longer supported](#tls-certificates-signed-with-sha-1-are-no-longer-supported)
* [Obsolete TLS features are no longer supported](#obsolete-tls-features-are-no-longer-supported)
## The `terraform-credentials-env` Functionality is Built Into the Terraform CLI
@ -32,13 +32,15 @@ The Terraform runtime no longer supports Linux kernels prior to
require distributions using kernel 2.6.32 or later. The CLI behavior on earlier
kernel versions is undefined.
## Remote Servers Must Support TLSv1.2
## Obsolete TLS Features Are No Longer Supported
Terraform now requires the server to support TLS v1.2 when making outgoing HTTPS or other TLS connections as a client. TLS v1.0 and v1.1 are no longer
supported. All up-to-date servers should support TLS 1.2, and mainstream
web browsers have required it since 2020.
## TLS Certificates Signed With SHA-1 Are No Longer Supported
Terraform will no longer accept CA certificates signed using the SHA-1 hash function when making outgoing HTTPS or other TLS connections as a client. Publicly-trusted Certificate Authorities have not issued SHA-1 certificates since 2015.
This change only affects requests made by Terraform Core itself, which includes
provider installation, module installation, and interactions with your
configured backend. Terraform provider plugins are separate programs which have
their own rules about which TLS versions are supported.