author | Vladimir Shushlin <vshushlin@gitlab.com> | 2021-04-26 09:58:35 +0300 |
---|---|---|
committer | Vladimir Shushlin <vshushlin@gitlab.com> | 2021-04-26 09:58:35 +0300 |
commit | 782e0b46d29d4c7b0b953b51cbaf1bb197124bae (patch) | |
tree | 7379b9b896523eb31b1ae4aaf18acd3850e6c1cd | |
parent | 7250a994989f44c8bc3b83f60cba564cd3c3a74e (diff) | |
parent | ea0a6acc050f39393414a68c442f1fb4a01de509 (diff) |
Merge branch 'remove/ssl3' into 'master'
Remove SSLv3, TLS v1.0, and TLS v1.1 support
See merge request gitlab-org/gitlab-pages!463
-rw-r--r-- | README.md | 3 | ||||
-rw-r--r-- | internal/config/tls/tls.go | 3 | ||||
-rw-r--r-- | internal/config/tls/tls_test.go | 2 | ||||
-rw-r--r-- | test/acceptance/tls_test.go | 4 |
4 files changed, 4 insertions, 8 deletions
@@ -272,8 +272,7 @@ assuming they know the URL beforehand. GitLab Pages defaults to TLS 1.2 as the minimum supported TLS version. This can be configured by using the `-tls-min-version` and `-tls-max-version` options. Accepted -values are `ssl3`, `tls1.0`, `tls1.1`, `tls1.2`, and `tls1.3` (if supported). When `tls1.3` -is used GitLab Pages will add `tls13=1` to `GODEBUG` to enable TLS 1.3. +values are `tls1.2`, and `tls1.3`. See https://golang.org/src/crypto/tls/tls.go for more. ### Custom headers
diff --git a/internal/config/tls/tls.go b/internal/config/tls/tls.go
index 941b5e14..69065acf 100644
--- a/internal/config/tls/tls.go
+++ b/internal/config/tls/tls.go
@@ -26,9 +26,6 @@ var (
 // AllTLSVersions has all supported flag values
 AllTLSVersions = map[string]uint16{
 "": 0, // Default value in tls.Config
- "ssl3": tls.VersionSSL30,
- "tls1.0": tls.VersionTLS10,
- "tls1.1": tls.VersionTLS11,
 "tls1.2": tls.VersionTLS12,
 "tls1.3": tls.VersionTLS13,
 }
diff --git a/internal/config/tls/tls_test.go b/internal/config/tls/tls_test.go
index 8f574eae..06704a64 100644
--- a/internal/config/tls/tls_test.go
+++ b/internal/config/tls/tls_test.go
@@ -37,7 +37,7 @@ func TestValidateTLSVersions(t *testing.T) {
 }{
 "invalid minimum TLS version": {tlsMin: "tls123", tlsMax: "", err: "invalid minimum TLS version: tls123"},
 "invalid maximum TLS version": {tlsMin: "", tlsMax: "tls123", err: "invalid maximum TLS version: tls123"},
- "TLS versions conflict": {tlsMin: "tls1.2", tlsMax: "tls1.1", err: "invalid maximum TLS version: tls1.1; should be at least tls1.2"},
+ "TLS versions conflict": {tlsMin: "tls1.3", tlsMax: "tls1.2", err: "invalid maximum TLS version: tls1.2; should be at least tls1.3"},
 }
 for name, tc := range tests {
diff --git a/test/acceptance/tls_test.go b/test/acceptance/tls_test.go
index 3445c6c3..20db7c6e 100644
--- a/test/acceptance/tls_test.go
+++ b/test/acceptance/tls_test.go
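Review bot: The TestValidateTLSVersions table in internal/config/tls/tls_test.go still uses only `tls123` as its invalid value, so nothing pins that the values this commit removes from AllTLSVersions are now refused by validation. I would add one case per removed value, e.g. `"removed minimum TLS version": {tlsMin: "tls1.1", tlsMax: "", err: "invalid minimum TLS version: tls1.1"},` and the same for `ssl3` and `tls1.0`, so that re-adding a legacy entry to the map fails the test. The expected error text is assumed to follow the format of the existing cases. The test function's body starts and ends outside the hunk.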
@@ -88,8 +88,8 @@ func TestTLSVersions(t *testing.T) {
 tlsClient uint16
 expectError bool
 }{
- "client version not supported": {tlsMin: "tls1.1", tlsMax: "tls1.2", tlsClient: tls.VersionTLS10, expectError: true},
- "client version supported": {tlsMin: "tls1.1", tlsMax: "tls1.2", tlsClient: tls.VersionTLS12, expectError: false},
+ "client version not supported": {tlsMin: "tls1.2", tlsMax: "tls1.3", tlsClient: tls.VersionTLS10, expectError: true},
+ "client version supported": {tlsMin: "tls1.2", tlsMax: "tls1.3", tlsClient: tls.VersionTLS12, expectError: false},
 "client and server using default settings": {tlsMin: "", tlsMax: "", tlsClient: 0, expectError: false},
 } |
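Review bot: The default-settings case in TestTLSVersions passes `tlsClient: 0` and expects success, so no acceptance test asserts that a TLS 1.0 or 1.1 client is refused when `-tls-min-version` is left unset. That path matters because AllTLSVersions in internal/config/tls/tls.go still maps `""` to `0`, which defers to crypto/tls's own default minimum, and that default depends on the Go toolchain version. If the empty value can reach tls.Config (not visible in this hunk), legacy protocol versions may still be negotiated despite the removal. A case such as `"legacy client rejected with default settings": {tlsMin: "", tlsMax: "", tlsClient: tls.VersionTLS11, expectError: true},` would pin the intended floor. The test function's body continues outside the hunk.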