openshift · bergerhoffer · Apr 14, 2025
diff --git a/modules/tls-profiles-ingress-configuring.adoc b/modules/tls-profiles-ingress-configuring.adoc
@@ -69,6 +69,7 @@ spec:
 <2> Specify the appropriate field for the selected type:
 * `old: {}`
 * `intermediate: {}`
+* `modern: {}`
 * `custom:`
 <3> For the `custom` type, specify a list of TLS ciphers and minimum accepted TLS version.
 

diff --git a/modules/tls-profiles-kubelet-configuring.adoc b/modules/tls-profiles-kubelet-configuring.adoc
@@ -33,7 +33,7 @@ spec:
 # ...
 ----
 
-You can see the ciphers and the minimum TLS version of the configured TLS security profile in the `kubelet.conf` file on a configured node. 
+You can see the ciphers and the minimum TLS version of the configured TLS security profile in the `kubelet.conf` file on a configured node.
 
 .Prerequisites
 
@@ -75,6 +75,7 @@ spec:
 <2> Specify the appropriate field for the selected type:
 * `old: {}`
 * `intermediate: {}`
+* `modern: {}`
 * `custom:`
 <3> For the `custom` type, specify a list of TLS ciphers and minimum accepted TLS version.
 <4> Optional: Specify the machine config pool label for the nodes you want to apply the TLS security profile.

diff --git a/modules/tls-profiles-kubernetes-configuring.adoc b/modules/tls-profiles-kubernetes-configuring.adoc
@@ -42,11 +42,6 @@ The TLS security profile defines the minimum TLS version and the TLS ciphers req
 
 You can see the configured TLS security profile in the `APIServer` custom resource (CR) under `Spec.Tls Security Profile`. For the `Custom` TLS security profile, the specific ciphers and minimum TLS version are listed.
 
-[NOTE]
-====
-The control plane does not support TLS `1.3` as the minimum TLS version; the `Modern` profile is not supported because it requires TLS `1.3`.
-====
-
 .Prerequisites
 
 * You have access to the cluster as a user with the `cluster-admin` role.
@@ -84,6 +79,7 @@ spec:
 <2> Specify the appropriate field for the selected type:
 * `old: {}`
 * `intermediate: {}`
+* `modern: {}`
 * `custom:`
 <3> For the `custom` type, specify a list of TLS ciphers and minimum accepted TLS version.
 

diff --git a/modules/tls-profiles-understanding.adoc b/modules/tls-profiles-understanding.adoc
@@ -41,10 +41,6 @@ This profile is the recommended configuration for the majority of clients.
 |This profile is intended for use with modern clients that have no need for backwards compatibility. This profile is based on the link:https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility[Modern compatibility] recommended configuration.
 
 The `Modern` profile requires a minimum TLS version of 1.3.
-[NOTE]
-====
-In {product-title} 4.6, 4.7, and 4.8, the `Modern` profile is unsupported. If selected, the `Intermediate` profile is enabled.
-====
 
 |`Custom`
 |This profile allows you to define the TLS version and ciphers to use.