Merge pull request #46395 from MichalMaler/TLS-guide-rev

cescoffier · web-flow · commit d9b444e73af9 · 2025-02-20T16:35:01.000+01:00
TLS guide Review
diff --git a/docs/src/main/asciidoc/http-reference.adoc b/docs/src/main/asciidoc/http-reference.adoc
@@ -40,8 +40,7 @@ Look at the xref:web-dependency-locator.adoc[Web dependency locator] guide for d
 
 Static resources can be served from a local directory by installing an additional route in the Vert.x router.
 
-For instance, to serve resources from the `static/` directory relative to the current path at http://localhost:8080/static/,
-you can install the following route:
+For instance, to serve resources from the `static/` directory relative to the current path at http://localhost:8080/static/, you can install the following route:
 
 [source,java]
 ----
diff --git a/docs/src/main/asciidoc/tls-registry-reference.adoc b/docs/src/main/asciidoc/tls-registry-reference.adoc
@@ -670,20 +670,20 @@ While this feature can provide flexibility, it also introduces a potential secur
 
 When a client initiates a new TLS handshake, the server typically consumes significantly more CPU resources than the client. This resource asymmetry can be exploited to launch denial-of-service (DoS) attacks, overwhelming the server with renegotiation requests.
 
-TLS 1.3 completely removes support for renegotiation, effectively closing this potential attack vector. However, if you are using TLS 1.2 or an older version, you need to take additional steps to secure your application.
-
-To prevent client-initiated renegotiation in TLS 1.2 and earlier versions, set the `jdk.tls.rejectClientInitiatedRenegotiation` system property to true:
+TLS 1.3 completely removes support for renegotiation, effectively closing this potential attack vector.
 
+* To secure TLS 1.2 and earlier, set `jdk.tls.rejectClientInitiatedRenegotiation` to `true` to prevent client-initiated renegotiation.
++
 [source]
 ----
 # JVM mode:
 java -Djdk.tls.rejectClientInitiatedRenegotiation=true -jar ...
 # Native mode
 ./application -Djdk.tls.rejectClientInitiatedRenegotiation=true
 ----
-
++
 If you are using the Quarkus-provided `Dockerfile` in JVM mode, you can disable renegotiation by adding the property to the `JAVA_OPTS_APPEND` environment variable:
-
++
 [source]
 ----
 ENV JAVA_OPTS_APPPEND="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager -Djdk.tls.rejectClientInitiatedRenegotiation=true"
