tls_disable_client_certs missing from listener tcp stanza
Closed this issue · 0 comments
manderson-it commented
Suggest to add conditional on new Boolean var (maybe vault_tls_disable_client_certs
) for tls_disable_client_certs
.
Currently not present at all, which makes Vault request client certificates from everyone. This is likely in most use-cases not required and can be problematic for LB health checks against Vault when the LB doesn't send Vault a proper cert.
tls_disable_client_certs = "false"