From ddce2a105ee519f2066615f775e956592349e235 Mon Sep 17 00:00:00 2001 From: lysu Date: Fri, 8 May 2020 20:59:34 +0800 Subject: [PATCH 1/2] cherry pick #2998 to release-3.0 Signed-off-by: sre-bot --- how-to/secure/enable-tls-clients.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/how-to/secure/enable-tls-clients.md b/how-to/secure/enable-tls-clients.md index 9cdaeaa7f949..ac25148b980a 100644 --- a/how-to/secure/enable-tls-clients.md +++ b/how-to/secure/enable-tls-clients.md @@ -135,18 +135,13 @@ TiDB 支持的 TLS 版本及密钥交换协议和加密算法由 Golang 官方 ### 支持的密钥交换协议及加密算法 -- TLS\_RSA\_WITH\_RC4\_128\_SHA -- TLS\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA - TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA - TLS\_RSA\_WITH\_AES\_256\_CBC\_SHA - TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA256 - TLS\_RSA\_WITH\_AES\_128\_GCM\_SHA256 - TLS\_RSA\_WITH\_AES\_256\_GCM\_SHA384 -- TLS\_ECDHE\_ECDSA\_WITH\_RC4\_128\_SHA - TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_CBC\_SHA - TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA -- TLS\_ECDHE\_RSA\_WITH\_RC4\_128\_SHA -- TLS\_ECDHE\_RSA\_WITH\_3DES\_EDE\_CBC\_SHA - TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA - TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA - TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_CBC\_SHA256 @@ -155,5 +150,11 @@ TiDB 支持的 TLS 版本及密钥交换协议和加密算法由 Golang 官方 - TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_GCM\_SHA256 - TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384 - TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_GCM\_SHA384 +<<<<<<< HEAD - TLS\_ECDHE\_RSA\_WITH\_CHACHA20\_POLY1305 - TLS\_ECDHE\_ECDSA\_WITH\_CHACHA20\_POLY1305 +======= +- TLS\_AES\_128\_GCM\_SHA256 +- TLS\_AES\_256\_GCM\_SHA384 +- TLS\_CHACHA20\_POLY1305\_SHA256 +>>>>>>> 9bfe90d... how-to/secure: remove some week cipher suits (#2998) From 33f2059d5839bf5dc6d1cf5d8bfce1fb310167db Mon Sep 17 00:00:00 2001 
From: lysu Date: Sat, 9 May 2020 10:51:30 +0800 Subject: [PATCH 2/2] address conflict: tidb 3.0's goland also support TLS1.3 and three new 1.3 cipher suit --- how-to/secure/enable-tls-clients.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/how-to/secure/enable-tls-clients.md b/how-to/secure/enable-tls-clients.md index ac25148b980a..3e62d736e6c9 100644 --- a/how-to/secure/enable-tls-clients.md +++ b/how-to/secure/enable-tls-clients.md @@ -132,6 +132,7 @@ TiDB 支持的 TLS 版本及密钥交换协议和加密算法由 Golang 官方 - TLS 1.0 - TLS 1.1 - TLS 1.2 +- TLS 1.3 ### 支持的密钥交换协议及加密算法 @@ -150,11 +151,6 @@ TiDB 支持的 TLS 版本及密钥交换协议和加密算法由 Golang 官方 - TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_GCM\_SHA256 - TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384 - TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_GCM\_SHA384 -<<<<<<< HEAD -- TLS\_ECDHE\_RSA\_WITH\_CHACHA20\_POLY1305 -- TLS\_ECDHE\_ECDSA\_WITH\_CHACHA20\_POLY1305 -======= - TLS\_AES\_128\_GCM\_SHA256 - TLS\_AES\_256\_GCM\_SHA384 - TLS\_CHACHA20\_POLY1305\_SHA256 ->>>>>>> 9bfe90d... how-to/secure: remove some week cipher suits (#2998)
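Review bot: In the `@@ -135,18 +135,13 @@` hunk of PATCH 1/2, the five RC4 and 3DES entries are deleted from a list whose heading says these are the supported suites, but nothing in the patch shows the server refusing them. The context line above the list says the supported set is determined by the Golang library, so please confirm that the release-3.0 server configuration actually excludes these suites. If they are still negotiable and only discouraged, keep them in the list and mark them as weak, so the document does not under-report what a client can negotiate.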
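Review bot: The `@@ -155,5 +150,11 @@` hunk of PATCH 1/2 commits unresolved merge conflict markers into enable-tls-clients.md: `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> 9bfe90d...` are added as document content. Although PATCH 2/2 removes them, any checkout of the first commit renders a broken list, so squash the two commits (or resolve the conflict inside the cherry-pick commit) before merging.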
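Review bot: In the `@@ -132,6 +132,7 @@` hunk of PATCH 2/2, `+- TLS 1.3` is added with no statement of which 3.0.x release or Go toolchain it applies to; the only justification is in the commit message. Since the section says support follows the Golang library, add the minimum TiDB version from which TLS 1.3 is negotiated, so operators on older 3.0 builds are not misled. The list also still presents TLS 1.0 and TLS 1.1 without comment in a series whose purpose is dropping weak options; a short note on how to set a minimum version would fit here.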
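Review bot: The conflict resolution in the `@@ -150,11 +151,6 @@` hunk of PATCH 2/2 drops both HEAD-side entries, `TLS\_ECDHE\_RSA\_WITH\_CHACHA20\_POLY1305` and `TLS\_ECDHE\_ECDSA\_WITH\_CHACHA20\_POLY1305`, which the commit message does not mention and which are not among the RC4/3DES suites the original change set out to remove. Please confirm release-3.0 really no longer offers these TLS 1.2 suites; if it does, keep them alongside the three new entries. It would also help to mark `TLS\_AES\_128\_GCM\_SHA256`, `TLS\_AES\_256\_GCM\_SHA384` and `TLS\_CHACHA20\_POLY1305\_SHA256` as TLS 1.3 only, since they sit in the same flat list as the TLS 1.2 suites.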