From 2b3fd833a3c065dc45e4bc018ae10bcedce06947 Mon Sep 17 00:00:00 2001
From: Seth Foster <fosterseth@users.noreply.github.com>
Date: Wed, 29 Mar 2023 19:19:40 -0400
Subject: [PATCH] Allow TLS 1.2 for Receptor connections (#1300)

- Required for FIPS environment where TLS 1.3 is
not supported
- TLS 1.3 can still be used if the nodes
both agree to use during handshake.
---
 roles/installer/templates/configmaps/config.yaml.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/installer/templates/configmaps/config.yaml.j2 b/roles/installer/templates/configmaps/config.yaml.j2
index d5230ee8..dd352c79 100644
--- a/roles/installer/templates/configmaps/config.yaml.j2
+++ b/roles/installer/templates/configmaps/config.yaml.j2
@@ -269,6 +269,7 @@ data:
         key: /etc/receptor/tls/receptor.key
         name: tlsclient
         rootcas: /etc/receptor/tls/ca/receptor-ca.crt
+        mintls13: false
     - work-signing:
         privatekey: /etc/receptor/signing/work-private-key.pem
         tokenexpiration: 1m