fix: remove vault_tls_prefer_server_cipher_suites

`vault_tls_prefer_server_cipher_suites` is deprecated and shows a warning message in the vault server logs: https://www.vaultproject.io/docs/configuration/listener/tcp Fixes: ansible-community#297
Axione · Nov 15, 2022 · fa5a7e6 · fa5a7e6
1 parent 405c3a0
commit fa5a7e6
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -289,7 +289,6 @@ vault_tcp_listeners:
     vault_tls_ca_file: '{{ vault_tls_ca_file }}'
     vault_tls_min_version: '{{ vault_tls_min_version }}'
     vault_tls_cipher_suites: '{{ vault_tls_cipher_suites }}'
-    vault_tls_prefer_server_cipher_suites: '{{ vault_tls_prefer_server_cipher_suites }}'
     vault_tls_require_and_verify_client_cert: '{{ vault_tls_require_and_verify_client_cert }}'
     vault_tls_disable_client_certs: '{{ vault_tls_disable_client_certs }}'
     # vault_x_forwarded_for_authorized_addrs: '{{ vault_x_forwarded_for_authorized_addrs }}'
@@ -966,12 +965,6 @@ available starting at Vault version 1.4.
 - [Comma-separated list of supported ciphersuites](https://www.vaultproject.io/docs/configuration/listener/tcp.html#tls_cipher_suites)
 - Default value: ""
 
-### `vault_tls_prefer_server_cipher_suites`
-
-- [Prefer server's cipher suite over client cipher suite](https://www.vaultproject.io/docs/configuration/listener/tcp.html#tls_prefer_server_cipher_suites)
-  - Can be overridden with `VAULT_TLS_PREFER_SERVER_CIPHER_SUITES` environment variable
-- Default value: false
-
 ### `vault_tls_require_and_verify_client_cert`
 
 - [Require clients to present a valid client certificate](https://www.vaultproject.io/docs/configuration/listener/tcp.html#tls_require_and_verify_client_cert)

diff --git a/templates/vault_main_configuration.hcl.j2 b/templates/vault_main_configuration.hcl.j2
@@ -28,7 +28,6 @@ listener "tcp" {
   {% if vault_tls_cipher_suites is defined and vault_tls_cipher_suites -%}
   tls_cipher_suites = "{{ l.vault_tls_cipher_suites}}"
   {% endif -%}
-  tls_prefer_server_cipher_suites = "{{ l.vault_tls_prefer_server_cipher_suites }}"
   {% if (l.vault_tls_require_and_verify_client_cert | bool) -%}
   tls_require_and_verify_client_cert = "{{ l.vault_tls_require_and_verify_client_cert | bool | lower}}"
   {% endif -%}