jacobmammoliti/ansible-role-vault

tls_disable_client_certs missing from listener tcp stanza

Closed this issue · 0 comments

Suggest adding a conditional on a new Boolean var (maybe vault_tls_disable_client_certs) for tls_disable_client_certs.
It is currently not present at all, which makes Vault request client certificates from everyone. This is likely not required in most use cases and can be problematic for LB health checks against Vault when the LB doesn't send Vault a proper cert.

tls_disable_client_certs = "false"
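
One way the requested conditional could look in a Jinja2 template for the Vault listener stanza, as an added example that is not the role's own code. Only `vault_tls_disable_client_certs` is named in the issue; the other variable names and the default address are hypothetical. The example goes one step beyond the request by handling `tls_require_and_verify_client_cert` in a separate branch, since the two settings contradict each other.

```jinja
{# Added example, not taken from the role. Assumes Ansible's default trim_blocks behaviour. #}
{# Hypothetical variables: vault_listener_address, vault_tls_disable, vault_tls_cert_file, #}
{# vault_tls_key_file, vault_tls_require_and_verify_client_cert. #}
listener "tcp" {
  address = "{{ vault_listener_address | default('0.0.0.0:8200') }}"
{% if vault_tls_disable | default(false) | bool %}
  # Plain-text listener: no TLS, so the client certificate options do not apply.
  tls_disable = "true"
{% else %}
  tls_cert_file = "{{ vault_tls_cert_file }}"
  tls_key_file  = "{{ vault_tls_key_file }}"
{%   if vault_tls_require_and_verify_client_cert | default(false) | bool %}
  # Mutual TLS: every client must present a certificate that Vault can verify.
  tls_require_and_verify_client_cert = "true"
{%   elif vault_tls_disable_client_certs | default(false) | bool %}
  # Do not request client certificates on this listener, so clients that
  # send none (such as a load balancer health check) can still connect.
  tls_disable_client_certs = "true"
{%   endif %}
{% endif %}
}
```

With both Boolean variables left at their `false` defaults, neither option is rendered and the listener keeps the behaviour described in the issue.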