Feature Updates
TLS Configuration Flexibility
We've improved how TLS certificates and TLS policies (e.g min TLS version, enabled ciphers) are configured, giving you more flexibility and better security controls.
Orchestrator Update Required to Use
To take advantage of this capability you need to use Orchestrator release v.2025.10.1 or higher.
What Changed
TLS environment variables now only override certificate and key paths — they no longer override your entire TLS configuration block. This means you can now:
Define TLS certificate paths via environment variables (e.g., MAVERICS_TLS_CERT, MAVERICS_TLS_KEY)
Configure TLS policies through in the Deployment Manager
Use both methods simultaneously without conflict
Why This Matters
Enhanced Security Posture
Previously, setting TLS environment variables could unintentionally ignore UI-configured TLS policies. This change ensures your cipher policies remain enforced regardless of how certificates are provided.
Simplified Compliance & Auditing
TLS policies configured in the Maverics Console are now preserved and easily referenced during security audits, making it simpler to demonstrate that unauthorized ciphers are blocked and compliance requirements are met.
Flexible Configuration
You can now leverage the strengths of both configuration methods:
Environment variables for certificate management (ideal for secret management systems and deployment automation)
UI-based policies for cipher configuration (ideal for audit trails and centralized policy management)
What You Need to Know
Orchestrator Update Required: You need to be using Orchestrator v.2025.10.1 to take advantage of this feature.
No breaking changes — Existing configurations will continue to work
Recommended approach — Configure cipher policies in the UI for better audit-ability, while managing certificates via environment variables or the UI based on your deployment needs
Verified behavior — Cipher policies set in the UI are preserved when TLS environment variables are configured