PR for doc ticket Enforce TLS versions #7277 (#7306)

* Updated YB Platform files

* Deleted refs to TLS 1.3

docs/content/latest/yugabyte-platform/install-yugabyte-platform/install-software/airgapped.md

@@ -39,89 +39,91 @@ showAsideToc: true
 
 ## Install Replicated
 
-On a machine connected to the Internet, perform the following steps.
+On a computer connected to the Internet, perform the following steps:
 
-Make a directory for downloading the binaries.
+Make a directory for downloading the binaries by executing the following command:
 
 ```sh
 $ sudo mkdir /opt/downloads
 ```
 
-Change the owner user for the directory.
+Change the owner user for the directory by executing the following command:
 
 ```sh
 $ sudo chown -R ubuntu:ubuntu /opt/downloads
 ```
 
-Change to the directory.
+Change to the directory by executing the following command:
 
 ```sh
 $ cd /opt/downloads
 ```
 
-Download the `replicated.tar.gz` file.
+Download the `replicated.tar.gz` file by executing the following command:
 
 ```sh
 $ wget https://downloads.yugabyte.com/replicated.tar.gz
 ```
 
-Download the `yugaware` binary. Change this number as needed.
+Download the `yugaware` binary and change the following number, as required:
 
 ```sh
 $ wget https://downloads.yugabyte.com/yugaware-2.1.2.0-b10.airgap
 ```
 
-Change to the directory.
+Switch to the following directory:
 
 ```sh
 $ cd /opt/downloads
 ```
 
-Extract the `replicated` binary.
+Extract the `replicated` binary, as follows:
 
 ```sh
 $ tar xzvf replicated.tar.gz
 ```
 
-Install Replicated. If multiple options appear, select the `eth0` network interface. The `yugaware` binary will be installed using the replicated UI after the replicated installation completes.
+Install Replicated. If multiple options appear, select the `eth0` network interface, as follows. 
 
 ```sh
 $ cat ./install.sh | sudo bash -s airgap
 ```
 
-After Replicated finishes installing, make sure it is running.
+The `yugaware` binary is installed using the Replicated UI after the Replicated installation completes.
+
+After Replicated finishes installing, ensure that it is running by executing the following command:
 
 ```sh
 $ sudo docker ps
 ```
 
-You should see an output similar to the following.
+You should see an output similar to the following:
 
 ![Replicated successfully installed](/images/replicated/replicated-success.png)
 
-Next, install Yugabyte Platform as described in step 2.
+The next step is to install Yugabyte Platform..
 
-## Set up HTTPS (optional)
+## Set Up HTTPS (optional)
 
-Launch the Replicated UI by going to [http://yugaware-host-public-ip:8800](http://yugaware-host-public-ip:8800). The warning shown next states that the connection to the server is not private (yet). We will address this warning as soon as you configure HTTPS for the Replicated Admin Console in the next step. Click **Continue to Setup** and then **ADVANCED** to bypass this warning and go to the **Replicated Admin Console**.
+Launch the Replicated UI via [http://yugaware-host-public-ip:8800](http://yugaware-host-public-ip:8800). Expect to see a warning stating that the connection to the server is not yet private. This condition is resolved once HTTPS for the Replicated Admin Console is set up in the next step. Proceed by clicking **Continue to Setup** **>** **ADVANCED** to bypass the warning and access the **Replicated Admin Console**, as shown in the following illustration:
 
 ![Replicated SSL warning](/images/replicated/replicated-warning.png)
 
-You can provide your own custom SSL certificate along with a hostname.
+You can provide your own custom SSL certificate and a hostname, as shown in the following illustration:
 
 ![Replicated HTTPS setup](/images/replicated/replicated-https.png)
 
-The simplest option is use a self-signed cert for now and add the custom SSL certificate later. Note that you will have to connect to the Replicated Admin Console only using IP address (as noted below).
+It is recommended that you start with using a self-signed certificate, and then add the custom SSL certificate later. Note that in this case you connect to the Replicated Admin Console using an IP address, as shown in the following illustration:
 
 ![Replicated Self Signed Cert](/images/replicated/replicated-selfsigned.png)
 
-## Upload license file
+## Upload the License File
 
-Now, upload the Yugabyte license file received from [Yugabyte](https://www.yugabyte.com/platform/#request-trial-form).
+Upload the Yugabyte license file that you received from [Yugabyte](https://www.yugabyte.com/platform/#request-trial-form), as shown in the following illustration:
 
 ![Replicated License Upload](/images/replicated/replicated-license-upload.png)
 
-Two options to install Yugabyte Platform are presented.
+Two options to install Yugabyte Platform are presentedas, shown in the following illustrations:
 
 ![Replicated License Air-gapped Install](/images/replicated/replicated-license-airgapped-install-option.png)
 
@@ -131,16 +133,23 @@ Two options to install Yugabyte Platform are presented.
 
 ## Secure Replicated
 
-The next step is to add a password to protect the Replicated Admin Console (for Replicated use only and differs from the Yugabyte Platform console).
+Add a password to protect the Replicated Admin Console, which is different from the Admin Console for YugabyteDB used by Yugabyte Platform, as shown in the following illustration:
 
 ![Replicated Password](/images/replicated/replicated-password.png)
 
 ## Preflight checks
 
-Replicated will perform a set of preflight checks to ensure that the host is set up correctly for Yugabyte Platform.
+Replicated performs a set of preflight checks to ensure that the host is set up correctly for Yugabyte Platform, as shown in the following illustration:
 
 ![Replicated Checks](/images/replicated/replicated-checks.png)
 
-Clicking **Continue** above will bring you to the Yugabyte Platform configuration.
+Click **Continue** to configure Yugabyte Platform.
+
+If the preflight check fails, review the [Troubleshoot Yugabyte Platform](../../../troubleshoot/) to resolve the issue.
+
+## Set the TLS Version for Nginx Frontend 
+
+Specify TLS versions via **Application config**, as shown in the following illustration: 
+![Application Config](/images/replicated/application-config.png)
 
-In case the preflight check fails, review the [Troubleshoot Yugabyte Platform](../../../troubleshoot/) to identify the resolution.
+The recommended TLS version is 1.2 or later.

docs/content/latest/yugabyte-platform/install-yugabyte-platform/install-software/default.md

@@ -39,25 +39,23 @@ showAsideToc: true
 
 </ul>
 
-YugabyteDB universes and clusters are created and managed using the Yugabyte Platform. The default option to install Yugabyte Platform on a host machine that is connected to the Internet.
+YugabyteDB universes and clusters are created and managed using Yugabyte Platform. The default option to install Yugabyte Platform on a host machine that is connected to the Internet.
 
 ## Install Replicated
 
-Connect to the Yugabyte Platform instance and do the following.
-
-1. Install Replicated.
+Connect to a Yugabyte Platform instance and then install Replicated by executing the following command:
 
 ```sh
 $ curl -sSL https://get.replicated.com/docker | sudo bash
 ```
 
-**NOTE**: If you are installing Replicated behind a proxy, you need to run the following:
+If you are installing Replicated behind a proxy, you need to execute the following command:
 
 ```sh
 $ curl -x http://<proxy_address>:<proxy_port> https://get.replicated.com/docker | sudo bash
 ```
 
-After the Replicated installation completes, verify that it is running by running the following command:
+After the Replicated installation completes, verify that it is running by executing the following command:
 
 ```sh
 $ sudo docker ps
@@ -67,44 +65,51 @@ You should see an output similar to the following:
 
 ![Replicated successfully installed](/images/replicated/replicated-success.png)
 
-## Set up HTTPS (optional)
+## Set Up HTTPS (optional)
 
-Launch Replicated UI by going to [http://yugaware-host-public-ip:8800](http://yugaware-host-public-ip:8800). The warning shown next states that the connection to the server is not private (yet). You will address this warning as soon after setting up HTTPS for the Replicated Admin Console in the next step. Click **Continue to Setup** and then **ADVANCED** to bypass this warning and go to the Replicated Admin Console.
+Launch the Replicated UI via [http://yugaware-host-public-ip:8800](http://yugaware-host-public-ip:8800). Expect to see a warning stating that the connection to the server is not yet private. This condition is resolved once HTTPS for the Replicated Admin Console is set up in the next step. Proceed by clicking **Continue to Setup** **>** **ADVANCED** to bypass the warning and access the **Replicated Admin Console**, as shown in the following illustration:
 
 ![Replicated SSL warning](/images/replicated/replicated-warning.png)
 
-You can provide your own custom SSL certificate along with a hostname.
+You can provide your own custom SSL certificate and a hostname, as shown in the following illustration:
 
 ![Replicated HTTPS setup](/images/replicated/replicated-https.png)
 
-The simplest option is use a self-signed certificate for now and add the custom SSL certificate later. Note that you will have to connect to the Replicated Admin Console using an IP address (as noted below).
+It is recommended that you start with using a self-signed certificate, and then add the custom SSL certificate later. Note that in this case you connect to the Replicated Admin Console using an IP address, as shown in the following illustration:
 
 ![Replicated Self Signed Cert](/images/replicated/replicated-selfsigned.png)
 
-## Upload the license file
+## Upload the License File
 
-Now, upload the Yugabyte license file that you received from [Yugabyte](https://www.yugabyte.com/platform/#request-trial-form).
+Upload the Yugabyte license file that you received from [Yugabyte](https://www.yugabyte.com/platform/#request-trial-form), as shown in the following illustration:
 
 ![Replicated License Upload](/images/replicated/replicated-license-upload.png)
 
-If you are asked to choose an installation type, choose `Online`.
+If you are prompted to choose an installation type, choose **Online**, as shown in the following illustration:
 
 ![Replicated License Online Install](/images/replicated/replicated-license-online-install-option.png)
 
 ![Replicated License Online Progress](/images/replicated/replicated-license-progress.png)
 
 ## Secure Replicated
 
-The next step is to add a password to protect the Replicated Admin Console (note that this Admin Console is for Replicated and is different from Yugabyte Platform, the Admin Console for YugabyteDB).
+Add a password to protect the Replicated Admin Console, which is different from the Admin Console for YugabyteDB used by Yugabyte Platform, as shown in the following illustration:
 
 ![Replicated Password](/images/replicated/replicated-password.png)
 
-## Preflight checks
+## Preflight Checks
 
-Replicated will perform a set of preflight checks to ensure that the host is setup correctly for Yugabyte Platform.
+Replicated performs a set of preflight checks to ensure that the host is set up correctly for Yugabyte Platform, as shown in the following illustration:
 
 ![Replicated Checks](/images/replicated/replicated-checks.png)
 
 Click **Continue** to configure Yugabyte Platform.
 
-If the preflight check fails, review the [Troubleshoot Yugabyte Platform](../../../troubleshoot/) to find a resolution.
+If the preflight check fails, review the [Troubleshoot Yugabyte Platform](../../../troubleshoot/) to resolve the issue.
+
+## Set the TLS Version for Nginx Frontend 
+
+Specify TLS versions via **Application config**, as shown in the following illustration: 
+![Application Config](/images/replicated/application-config.png)
+
+The recommended TLS version is 1.2 or later.

docs/content/latest/yugabyte-platform/install-yugabyte-platform/install-software/kubernetes.md

@@ -39,14 +39,14 @@ showAsideToc: true
 
 ## Prerequisites
 
-Before you install Yugabyte Platform on a Kubernetes cluster, make sure you:
+Before you install Yugabyte Platform on a Kubernetes cluster, perform the following:
 
 - Create a yugabyte-helm service account.
 - Create a `kubeconfig` file for configuring access to the Kubernetes cluster.
 
 ### Create a yugabyte-helm service account
 
-1. Run the following `kubectl` command to apply the YAML file.
+Run the following `kubectl` command to apply the YAML file:
 
 ```sh
 kubectl apply -f https://raw.githubusercontent.com/YugaByte/charts/master/stable/yugabyte/yugabyte-rbac.yaml
@@ -59,9 +59,9 @@ serviceaccount "yugabyte-helm" created
 clusterrolebinding "yugabyte-helm" created
 ```
 
-## Create a `kubeconfig` file for a Kubernetes cluster
+## Create a `kubeconfig` File for a Kubernetes Cluster
 
-To create a `kubeconfig` file for a yugabyte-helm service account:
+You can create a `kubeconfig` file for a yugabyte-helm service account as follows:
 
 1. Run the following `wget` command to get the Python script for generating the `kubeconfig` file:
 
@@ -74,42 +74,44 @@ To create a `kubeconfig` file for a yugabyte-helm service account:
     ```sh
     python generate_kubeconfig.py -s yugabyte-helm
     ```
-
-The following output should appear:
-
-```
-Generated the kubeconfig file: /tmp/yugabyte-helm.conf
-```
-
+    
+    The following output should appear:
+    
+    ```
+    Generated the kubeconfig file: /tmp/yugabyte-helm.conf
+    ```
+    
 3. Upload the generated `kubeconfig` file as the `kubeconfig` in the Yugabyte Platform provider configuration.
 
-## Install Yugabyte Platform on a Kubernetes cluster
+## Install Yugabyte Platform on a Kubernetes Cluster
+
+You install Yugabyte Platform on a Kubernetes cluster as follows:
 
-1. Create a namespace using the `kubectl create namespace` command:
+1. Create a namespace by executing the following `kubectl create namespace` command:
 
     ```sh
     kubectl create namespace yb-platform
     ```
 
-2. Apply the Yugabyte Platform secret (obtained from [Yugabyte](https://www.yugabyte.com/platform/#request-trial-form) by running the following `kubectl create` command:
+2. Apply the Yugabyte Platform secret that you obtained from [Yugabyte](https://www.yugabyte.com/platform/#request-trial-form) by running the following `kubectl create` command:
 
     ```sh
     $ kubectl create -f yugabyte-k8s-secret.yml -n yb-platform
     ```
 
-    You should see output that the secret was created, like this:
+    Expect the following output notifying you that the secret was created:
 
     ```
     secret/yugabyte-k8s-pull-secret created
     ```
 
-3. Run the following `helm repo add` command to clone the [YugabyteDB charts repository](https://charts.yugabyte.com/).
+3. Run the following `helm repo add` command to clone the [YugabyteDB charts repository](https://charts.yugabyte.com/):
 
     ```sh
     $ helm repo add yugabytedb https://charts.yugabyte.com
     ```
 
-    A message should appear, similar to this:
+    A message similar to the following should appear:
 
     ```
     "yugabytedb" has been added to your repositories
@@ -121,7 +123,7 @@ Generated the kubeconfig file: /tmp/yugabyte-helm.conf
     $ helm search repo yugabytedb/yugaware -l
     ```
 
-    The latest Helm Chart version and App version will be displayed.
+    The latest Helm Chart version and App version will be displayed:
 
     ```
     NAME               	CHART VERSION	APP VERSION	DESRIPTION
@@ -130,15 +132,21 @@ Generated the kubeconfig file: /tmp/yugabyte-helm.conf
 
 4. Run the following `helm install` command to install Yugabyte Platform (`yugaware`) Helm chart:
 
-```sh
-helm install yw-test yugabytedb/yugaware --version 2.3.3 -n yb-platform --wait
-```
+    ```sh
+    helm install yw-test yugabytedb/yugaware --version 2.3.3 -n yb-platform --wait
+    ```
+
+5. Optionally, set the TLS version for Nginx frontend by using `ssl_protocols` operational directive in the Helm installation, as follows:
+
+    ```sh
+    helm install yw-test yugabytedb/yugaware --version 2.3.3 -n yb-platform --wait --set tls.sslProtocols="TLSv1.2"
+    ```
 
-A message is output that the deployment succeeded.
+A message output will notify you whether or not the deployment is successful.
 
-## Delete the Helm installation of Yugabyte Platform
+## Delete the Helm Installation of Yugabyte Platform
 
-To delete the Helm install, run the following `helm del` command:
+To delete the Helm installation, run the following `helm del` command:
 
 ```sh
 helm del --purge yw-test -n yb-platform

docs/content/latest/yugabyte-platform/security/enable-encryption-in-transit.md

@@ -254,4 +254,15 @@ X509v3 Basic Constraints:
 
 3. Verify that certificates and keys are in PEM format (as opposed to the DER or other format). If these artifacts are not in the PEM format and you require assistance with converting them or identifying the format, consult [Converting Certificates](https://support.globalsign.com/ssl/ssl-certificates-installation/converting-certificates-openssl).
 
-4. Ensure that the private key does not have a passphrase associated with it. For information on how to identify this condition, see [How to Decrypt an Enrypted SSL RSA Private Key](https://techjourney.net/how-to-decrypt-an-enrypted-ssl-rsa-private-key-pem-key/).
+4. Ensure that the private key does not have a passphrase associated with it. For information on how to identify this condition, see [How to Decrypt an Enrypted SSL RSA Private Key](https://techjourney.net/how-to-decrypt-an-enrypted-ssl-rsa-private-key-pem-key/).
+
+## Enforcing TLS Versions
+
+As TLS 1.0 and 1.1 are no longer accepted by PCI compliance, and considering significant vulnerabilities around these versions of the protocol, it is recommended that you migrate to TLS 1.2 (default).
+
+You can set the TLS version for node-to-node and client-node communication. To enforce the minimum TLS version of 1.2, add the following flag for T-Server: 
+
+```
+ssl_protocols = tlsv12
+```
+