update golden files

Emyrk · Emyrk · commit 284653fcfa6e · 2023-11-03T11:24:41.000-05:00
diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
@@ -249,12 +249,21 @@ can safely ignore these settings.
       --tls-address host:port, $CODER_TLS_ADDRESS (default: 127.0.0.1:3443)
           HTTPS bind address of the server.
 
+      --tls-allow-insecure-ciphers bool, $CODER_TLS_ALLOW_INSECURE_CIPHERS (default: false)
+          By default, only ciphers marked as 'secure' are allowed to be used.
+          See
+          https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L82-L95.
+
       --tls-cert-file string-array, $CODER_TLS_CERT_FILE
           Path to each certificate for TLS. It requires a PEM-encoded file. To
           configure the listener to use a CA certificate, concatenate the
           primary certificate and the CA certificate together. The primary
           certificate should appear first in the combined file.
 
+      --tls-ciphers string-array, $CODER_TLS_CIPHERS
+          Specify specific TLS ciphers that allowed to be used. See
+          https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L53-L75.
+
       --tls-client-auth string, $CODER_TLS_CLIENT_AUTH (default: none)
           Policy the server will follow for TLS Client Authentication. Accepted
           values are "none", "request", "require-any", "verify-if-given", or
diff --git a/cli/testdata/server-config.yaml.golden b/cli/testdata/server-config.yaml.golden
@@ -83,6 +83,14 @@ networking:
     # Path to key for client TLS authentication. It requires a PEM-encoded file.
     # (default: <unset>, type: string)
     clientKeyFile: ""
+    # Specify specific TLS ciphers that allowed to be used. See
+    # https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L53-L75.
+    # (default: <unset>, type: string-array)
+    tlsCiphers: []
+    # By default, only ciphers marked as 'secure' are allowed to be used. See
+    # https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L82-L95.
+    # (default: false, type: bool)
+    tlsAllowInsecureCiphers: false
     # Controls if the 'Strict-Transport-Security' header is set on all static file
     # responses. This header should only be set if the server is accessed via HTTPS.
     # This value is the MaxAge in seconds of the header.
diff --git a/enterprise/cli/testdata/coder_server_--help.golden b/enterprise/cli/testdata/coder_server_--help.golden
@@ -250,12 +250,21 @@ can safely ignore these settings.
       --tls-address host:port, $CODER_TLS_ADDRESS (default: 127.0.0.1:3443)
           HTTPS bind address of the server.
 
+      --tls-allow-insecure-ciphers bool, $CODER_TLS_ALLOW_INSECURE_CIPHERS (default: false)
+          By default, only ciphers marked as 'secure' are allowed to be used.
+          See
+          https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L82-L95.
+
       --tls-cert-file string-array, $CODER_TLS_CERT_FILE
           Path to each certificate for TLS. It requires a PEM-encoded file. To
           configure the listener to use a CA certificate, concatenate the
           primary certificate and the CA certificate together. The primary
           certificate should appear first in the combined file.
 
+      --tls-ciphers string-array, $CODER_TLS_CIPHERS
+          Specify specific TLS ciphers that allowed to be used. See
+          https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L53-L75.
+
       --tls-client-auth string, $CODER_TLS_CLIENT_AUTH (default: none)
           Policy the server will follow for TLS Client Authentication. Accepted
           values are "none", "request", "require-any", "verify-if-given", or
