doc: write the list of supperted cipher suites in TCM

maryiaLichko · maryiaLichko · commit dc609b06e0ec · 2025-09-23T16:56:54.000+03:00
diff --git a/doc/tooling/tcm/tcm_configuration_reference.rst b/doc/tooling/tcm/tcm_configuration_reference.rst
@@ -656,49 +656,56 @@ The ``http`` group defines parameters of HTTP connections between |tcm| and clie
 
    Enabled TLS cipher suites. The supported ciphers are:
 
+    - TLS 1.0 - 1.2 cipher suites:
+        - TLS_RSA_WITH_RC4_128_SHA
+        - TLS_RSA_WITH_3DES_EDE_CBC_SHA
+        - TLS_RSA_WITH_AES_128_CBC_SHA
+        - TLS_RSA_WITH_AES_256_CBC_SHA
+        - TLS_RSA_WITH_AES_128_CBC_SHA256
+        - TLS_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+        - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+        - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+        - TLS_ECDHE_RSA_WITH_RC4_128_SHA
+        - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+        - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+        - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+        - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+
+    - TLS 1.3 cipher suites:
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_CHACHA20_POLY1305_SHA256
+        - TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator that the client is doing version fallback
+        - TLS_FALLBACK_SCSV uint16 = 0x5600
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305   = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA25
+
+   For detailed information on ciphers, refer to the Golang `tls.TLS_* <https://pkg.go.dev/crypto/tls#pkg-constants>`__ constants.
+
+   The example below shows how to configure cipher suites:
+
    .. code-block:: yaml
 
-       const (
-           // TLS 1.0 - 1.2 cipher suites.
-           TLS_RSA_WITH_RC4_128_SHA                      uint16 = 0x0005
-           TLS_RSA_WITH_3DES_EDE_CBC_SHA                 uint16 = 0x000a
-           TLS_RSA_WITH_AES_128_CBC_SHA                  uint16 = 0x002f
-           TLS_RSA_WITH_AES_256_CBC_SHA                  uint16 = 0x0035
-           TLS_RSA_WITH_AES_128_CBC_SHA256               uint16 = 0x003c
-           TLS_RSA_WITH_AES_128_GCM_SHA256               uint16 = 0x009c
-           TLS_RSA_WITH_AES_256_GCM_SHA384               uint16 = 0x009d
-           TLS_ECDHE_ECDSA_WITH_RC4_128_SHA              uint16 = 0xc007
-           TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA          uint16 = 0xc009
-           TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA          uint16 = 0xc00a
-           TLS_ECDHE_RSA_WITH_RC4_128_SHA                uint16 = 0xc011
-           TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA           uint16 = 0xc012
-           TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA            uint16 = 0xc013
-           TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA            uint16 = 0xc014
-           TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256       uint16 = 0xc023
-           TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         uint16 = 0xc027
-           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         uint16 = 0xc02f
-           TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       uint16 = 0xc02b
-           TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         uint16 = 0xc030
-           TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       uint16 = 0xc02c
-           TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   uint16 = 0xcca8
-           TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcca9
-
-           // TLS 1.3 cipher suites.
-           TLS_AES_128_GCM_SHA256       uint16 = 0x1301
-           TLS_AES_256_GCM_SHA384       uint16 = 0x1302
-           TLS_CHACHA20_POLY1305_SHA256 uint16 = 0x1303
-
-           // TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator
-           // that the client is doing version fallback. See RFC 7507.
-           TLS_FALLBACK_SCSV uint16 = 0x5600
-
-           // Legacy names for the corresponding cipher suites with the correct _SHA256
-           // suffix, retained for backward compatibility.
-           TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305   = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-           TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-       )
+       http:
+           cipher-suites:
+             - TLS_AES_256_GCM_SHA384
+             - TLS_AES_128_GCM_SHA256
+             - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+             - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+             - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+             - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+             - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+             - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 
-   For detailed information on ciphers, refer to the Golang `tls.TLS_* <https://pkg.go.dev/crypto/tls#pkg-constants>`__ constants.
 
     |
     | Type: []uint16
