mirror of
https://github.com/moby/moby.git
synced 2026-01-11 10:41:43 +00:00
26d6c35b1b
Introduce the DOCKER_DISABLE_WEAK_CIPHERS environment variable to allow disabling weak TLS ciphers. When set to true, the daemon restricts TLS to a modern, secure subset of cipher suites, disabling known weak ciphers such as CBC-mode ciphers. This is intended as an edge-case option and is not exposed via a CLI flag or config option. By default, weak ciphers remain enabled for backward compatibility. Signed-off-by: Sopho Merkviladze <smerkviladze@mirantis.com>