tlsConfig, err := saramatls.NewConfig(args.TLS.ClientTLSCert, args.TLS.ClientTLSKey)
	if err != nil {
		target.loggerOnce(context.Background(), err, target.ID().String())
		return err
	}

	config.Net.TLS.Enable = args.TLS.Enable
	config.Net.TLS.Config = tlsConfig
	config.Net.TLS.Config.InsecureSkipVerify = args.TLS.SkipVerify
	config.Net.TLS.Config.ClientAuth = args.TLS.ClientAuth

any effect.

Go 1.23 changed the default TLS cipher suites used by clients and servers when
not explicitly configured, removing 3DES cipher suites. The default can be reverted
using the [`tls3des` setting](/pkg/crypto/tls/#Config.CipherSuites).

Go 1.23 changed the behavior of [`tls.X509KeyPair`](/pkg/crypto/tls#X509KeyPair)
and [`tls.LoadX509KeyPair`](/pkg/crypto/tls#LoadX509KeyPair) to populate the

	return target.initOnce.Do(target.initNSQ)
}

func (target *NSQTarget) initNSQ() error {
	args := target.args

	config := nsq.NewConfig()
	if args.TLS.Enable {
		config.TlsV1 = true
		config.TlsConfig = &tls.Config{
			InsecureSkipVerify: args.TLS.SkipVerify,
		}
	}
	target.config = config

	producer, err := nsq.NewProducer(args.NSQDAddress.String(), config)
	if err != nil {

	tlsConfig, err := saramatls.NewConfig(h.kconfig.TLS.ClientTLSCert, h.kconfig.TLS.ClientTLSKey)
	if err != nil {
		return err
	}

	sconfig.Net.TLS.Enable = h.kconfig.TLS.Enable
	sconfig.Net.TLS.Config = tlsConfig
	sconfig.Net.TLS.Config.InsecureSkipVerify = h.kconfig.TLS.SkipVerify
	sconfig.Net.TLS.Config.ClientAuth = h.kconfig.TLS.ClientAuth
	sconfig.Net.TLS.Config.RootCAs = h.kconfig.TLS.RootCAs

            "name": "ROOTCA",
            "validation_context": {
              "trusted_ca": {
              },
              "custom_validator_config": {
                "name": "envoy.tls.cert_validator.spiffe",
                "typed_config": {
                  "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.SPIFFECertValidatorConfig",

		}

		kafkaArgs.TLS.Enable = getCfgVal(EnvKafkaTLS, k, kv.Get(KafkaTLS)) == config.EnableOn
		kafkaArgs.TLS.SkipVerify = getCfgVal(EnvKafkaTLSSkipVerify, k, kv.Get(KafkaTLSSkipVerify)) == config.EnableOn
		kafkaArgs.TLS.ClientAuth = tls.ClientAuthType(clientAuth)

		kafkaArgs.TLS.ClientTLSCert = getCfgVal(EnvKafkaClientTLSCert, k, kv.Get(KafkaClientTLSCert))

              {{- end }}
              {{- end }}
        {{- if .Values.tls.enabled }}
        - name: cert-secret-volume-mc
          secret:
            secretName: {{ .Values.tls.certSecret }}
            items:
              - key: {{ .Values.tls.publicCrt }}
                path: CAs/public.crt
        {{- end }}
        {{- if .Values.customCommandJob.extraVolumes }}

mountPath: {{ $casPath }} {{- end }} {{- end -}} {{/* Formats volume for MinIO TLS keys and trusted certs */}} {{- define "minio.tlsKeysVolume" -}} {{- if .Values.tls.enabled }} - name: cert-secret-volume secret: secretName: {{ tpl .Values.tls.certSecret $ }} items: - key: {{ .Values.tls.publicCrt }} path: public.crt - key: {{ .Values.tls.privateKey }} path: private.key {{- end }} {{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} {{- $certSecret := eq .Values.trustedCertsSecret "" | ternary...

      "dynamic_active_secrets": [
        {
          "name": "default",
          "last_updated": "2023-05-15T01:32:52.262Z",
          "secret": {
            "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret",
            "name": "default",
            "tls_certificate": {
              "certificate_chain": {

drivesPerNode: 1
# Number of MinIO containers running
replicas: 16
# Number of expanded MinIO clusters
pools: 1

## TLS Settings for MinIO
tls:
  enabled: false
  ## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
  certSecret: ""
  publicCrt: public.crt
  privateKey: private.key