
Keycloak docs state that only TLSv1.3 is used #43164

@ahus1

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

docs

Describe the bug

https://www.keycloak.org/server/enabletls#_configuring_tls_protocols states that only TLS 1.3 is used.

> By default, Keycloak does not enable deprecated TLS protocols. If your client supports only deprecated protocols, consider upgrading the client. However, as a temporary work-around, you can enable deprecated protocols by running the following command:
> ...
> To also allow TLSv1.2, use a command such as the following: kc.sh start --https-protocols=TLSv1.3,TLSv1.2.

But actually, since #21912, both TLS 1.3 and 1.2 are enabled by default. Due to a bug in Quarkus, both were enabled even before that.

Version

main

Regression

  • The issue is a regression

Expected behavior

The docs should be consistent with the actual defaults.

Actual behavior

Outdated docs.

How to Reproduce?

Look at the docs.

Anything else?

I'll create a PR
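
An added example, not part of the issue or of Keycloak's own code: one way to check which TLS versions a running server actually accepts and compare them with the list you expect, written in the same comma-separated form as the `--https-protocols` value quoted above. The function names and the script name `tls_check.py` are assumptions, and the host, port and expected list are supplied by the caller.

```python
import socket
import ssl
import sys

# Protocol names as written in --https-protocols, mapped to Python's enum.
VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}


def parse_protocols(value):
    """Turn a value such as 'TLSv1.3,TLSv1.2' into a set of names."""
    return {p.strip() for p in value.split(",") if p.strip()}


def accepts(host, port, name, timeout=5.0):
    """True if the server completes a handshake pinned to exactly `name`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only the negotiated version is checked, so certificate validation is
    # switched off; never reuse this context to send real data.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ctx.maximum_version = VERSIONS[name]
    # An unreachable host raises OSError here instead of reading as "rejected".
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() == name
        except (ssl.SSLError, OSError):
            return False  # handshake refused or connection dropped


def compare(expected, host, port):
    """Probe every known version and diff the result against `expected`."""
    observed = {name for name in VERSIONS if accepts(host, port, name)}
    return {
        "observed": observed,
        "unexpected": observed - expected,  # accepted but not meant to be
        "missing": expected - observed,     # meant to be on but refused
    }


if __name__ == "__main__":
    # Usage (host, port and expected list are the caller's own values):
    #   python tls_check.py HOST PORT TLSv1.3
    if len(sys.argv) != 4:
        sys.exit("usage: tls_check.py HOST PORT PROTOCOLS")
    result = compare(parse_protocols(sys.argv[3]), sys.argv[1], int(sys.argv[2]))
    print(result)
    sys.exit(1 if result["unexpected"] or result["missing"] else 0)
```

Run with an expected list of `TLSv1.3` against a server that also accepts TLSv1.2, the script reports `TLSv1.2` under `unexpected` and exits non-zero.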
