From d139daebad28daab62d6e8e8a2baeeca9ccb6f16 Mon Sep 17 00:00:00 2001
From: Max Phillips
Date: Thu, 7 Nov 2024 14:59:56 -0600
Subject: [PATCH 1/4] Add version support
---
 .../policies/gateway/http-policies/tls-decryption.mdx | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
index f8c7bbf2175056..f0e9c82f56fd4f 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
@@ -19,6 +19,8 @@ When you enable TLS decryption, Gateway will decrypt all traffic sent over HTTPS
 Cloudflare prevents interference by decrypting, inspecting, and re-encrypting HTTPS requests in its data centers in memory only. Gateway only stores eligible cache content at rest. All cache disks are encrypted at rest. You can configure where TLS decryption takes place with [Regional Services](/data-localization/regional-services/) in the [Cloudflare Data Localization Suite (DLS)](/data-localization/).
+Gateway supports connections over TLS 1.1, 1.2, and 1.3.
+
 ## Enable TLS decryption
From 66f81f7f9a44c5cfd1484230738df11a1cb91c1b Mon Sep 17 00:00:00 2001
From: Max Phillips
Date: Thu, 7 Nov 2024 15:00:34 -0600
Subject: [PATCH 2/4] Reorder sections
---
 .../cloudflare-one/policies/gateway/http-policies/http3.mdx | 2 +-
 .../policies/gateway/http-policies/tls-decryption.mdx | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx
index 1f47f26d6fdb3d..ba288c7e5dc683 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: concept
 title: HTTP/3
 sidebar:
- order: 2
+ order: 3
 ---
 import { Details } from "~/components";
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
index f0e9c82f56fd4f..4769bb9683c27d 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: concept
 title: TLS decryption
 sidebar:
- order: 3
+ order: 2
 ---
 import {
From 5dbc75aa4ebfb0ee8190d76b6ee08b104041edfc Mon Sep 17 00:00:00 2001
From: Max Phillips
Date: Thu, 7 Nov 2024 15:07:10 -0600
Subject: [PATCH 3/4] Add H3 requirements
---
 .../cloudflare-one/policies/gateway/http-policies/http3.mdx | 2 +-
 .../policies/gateway/http-policies/tls-decryption.mdx | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx
index ba288c7e5dc683..17002d04882a51 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/http3.mdx
@@ -7,7 +7,7 @@ sidebar:
 import { Details } from "~/components";
-Gateway supports inspection of HTTP/3 traffic, which uses the QUIC protocol over UDP. HTTP/3 inspection requires traffic to be proxied over UDP.
+Gateway supports inspection of HTTP/3 traffic, which uses the QUIC protocol over UDP. HTTP/3 inspection requires a [user-side certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/) to be deployed and traffic to be proxied over UDP with [TLS version 1.3](/cloudflare-one/policies/gateway/http-policies/tls-decryption/).
 Gateway applies HTTP policies to HTTP/3 traffic last. For more information, refer to the [order of enforcement](/cloudflare-one/policies/gateway/order-of-enforcement/#http3-traffic).
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
index 4769bb9683c27d..65a2d02b1203a2 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
@@ -19,7 +19,7 @@ When you enable TLS decryption, Gateway will decrypt all traffic sent over HTTPS
 Cloudflare prevents interference by decrypting, inspecting, and re-encrypting HTTPS requests in its data centers in memory only. Gateway only stores eligible cache content at rest. All cache disks are encrypted at rest. You can configure where TLS decryption takes place with [Regional Services](/data-localization/regional-services/) in the [Cloudflare Data Localization Suite (DLS)](/data-localization/).
-Gateway supports connections over TLS 1.1, 1.2, and 1.3.
+Cloudflare supports connections from users to Gateway over TLS 1.1, 1.2, and 1.3.
 ## Enable TLS decryption
From e06ce916e74d0bbfd2f578ab09cceb353120307a Mon Sep 17 00:00:00 2001
From: Max Phillips
Date: Thu, 7 Nov 2024 15:15:18 -0600
Subject: [PATCH 4/4] Fix casing
---
 .../policies/gateway/http-policies/tls-decryption.mdx | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
index 65a2d02b1203a2..a7864c52ec457e 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tls-decryption.mdx
@@ -53,7 +53,7 @@ Google Chrome can automatically upgrade HTTP requests to HTTPS requests, even wh
 You can turn off automatic HTTPS upgrades via a Gateway pass through policy, a Chrome browser flag, or a Chrome Enterprise policy.
-
+
 To disable automatic HTTPS upgrades for a URL across your Zero Trust organization, create a Gateway pass through policy.
@@ -71,11 +71,11 @@ To disable automatic HTTPS upgrades for a URL across your Zero Trust organizatio
 The pass through policy will bypass insecure connection upgrades for any device connected to your Zero Trust organization. For more information, refer to [Untrusted certificates](/cloudflare-one/policies/gateway/http-policies/#untrusted-certificates).
-
+
 To disable automatic HTTPS upgrades on a per-browser basis, go to [Chrome flags](chrome://flags/#https-upgrades) and turn off **HTTPS Upgrades**.
-
+
 Chrome Enterprise users can turn off automatic HTTPS upgrades for all URLs with a [`HttpsUpgradesEnabled` management policy](https://chromeenterprise.google/policies/#HttpsUpgradesEnabled).