From d9068cd817cea9af3f582f67df5d9642fbb3ebea Mon Sep 17 00:00:00 2001
From: James Blair <mail@jamesblair.net>
Date: Wed, 29 Mar 2023 14:03:14 +1300
Subject: [PATCH] Document defining ciphers in example etcd config file.

Signed-off-by: James Blair <mail@jamesblair.net>
---
 etcd.conf.yml.sample | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/etcd.conf.yml.sample b/etcd.conf.yml.sample
index 38d74bcb7..f934f3059 100644
--- a/etcd.conf.yml.sample
+++ b/etcd.conf.yml.sample
@@ -138,3 +138,9 @@ force-new-cluster: false
 
 auto-compaction-mode: periodic
 auto-compaction-retention: "1"
+
+# Limit etcd to a specific set of tls cipher suites
+cipher-suites: [
+  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+]