
gitlab.com/gitlab-org/gitlab-pages.git - Unnamed repository; edit this file 'description' to name the repository.
authorVladimir Shushlin <vshushlin@gitlab.com>2021-04-26 09:58:35 +0300
committerVladimir Shushlin <vshushlin@gitlab.com>2021-04-26 09:58:35 +0300
commit782e0b46d29d4c7b0b953b51cbaf1bb197124bae (patch)
tree7379b9b896523eb31b1ae4aaf18acd3850e6c1cd
parent7250a994989f44c8bc3b83f60cba564cd3c3a74e (diff)
parentea0a6acc050f39393414a68c442f1fb4a01de509 (diff)
Merge branch 'remove/ssl3' into 'master'
Remove SSLv3, TLS v1.0, and TLS v1.1 support. See merge request gitlab-org/gitlab-pages!463
-rw-r--r--README.md3
-rw-r--r--internal/config/tls/tls.go3
-rw-r--r--internal/config/tls/tls_test.go2
-rw-r--r--test/acceptance/tls_test.go4
4 files changed, 4 insertions, 8 deletions
diff --git a/README.md b/README.md
index 9765c694..08062a0c 100644
--- a/README.md
+++ b/README.md
@@ -272,8 +272,7 @@ assuming they know the URL beforehand.
GitLab Pages defaults to TLS 1.2 as the minimum supported TLS version. This can be
configured by using the `-tls-min-version` and `-tls-max-version` options. Accepted
-values are `ssl3`, `tls1.0`, `tls1.1`, `tls1.2`, and `tls1.3` (if supported). When `tls1.3`
-is used GitLab Pages will add `tls13=1` to `GODEBUG` to enable TLS 1.3.
+values are `tls1.2`, and `tls1.3`.
See https://golang.org/src/crypto/tls/tls.go for more.
### Custom headers
diff --git a/internal/config/tls/tls.go b/internal/config/tls/tls.go
index 941b5e14..69065acf 100644
--- a/internal/config/tls/tls.go
+++ b/internal/config/tls/tls.go
@@ -26,9 +26,6 @@ var (
// AllTLSVersions has all supported flag values
AllTLSVersions = map[string]uint16{
"": 0, // Default value in tls.Config
- "ssl3": tls.VersionSSL30,
- "tls1.0": tls.VersionTLS10,
- "tls1.1": tls.VersionTLS11,
"tls1.2": tls.VersionTLS12,
"tls1.3": tls.VersionTLS13,
}
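Review bot: The `""` entry kept at the top of `AllTLSVersions` still maps to 0, so an empty `-tls-min-version` would leave the protocol floor to crypto/tls rather than to this map, and in older Go releases the server-side default has been below TLS 1.2. Whether an empty value can actually reach `tls.Config.MinVersion` depends on the flag default and on the code that consumes this map, both outside the hunk, so this needs confirming. If it can, pin the floor where the config is built, for example `if minVersion == 0 { minVersion = tls.VersionTLS12 }` (variable name illustrative), or at least extend the comment to `// Default value in tls.Config; crypto/tls chooses the minimum`. The `var (` block starts before the hunk.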
diff --git a/internal/config/tls/tls_test.go b/internal/config/tls/tls_test.go
index 8f574eae..06704a64 100644
--- a/internal/config/tls/tls_test.go
+++ b/internal/config/tls/tls_test.go
@@ -37,7 +37,7 @@ func TestValidateTLSVersions(t *testing.T) {
}{
"invalid minimum TLS version": {tlsMin: "tls123", tlsMax: "", err: "invalid minimum TLS version: tls123"},
"invalid maximum TLS version": {tlsMin: "", tlsMax: "tls123", err: "invalid maximum TLS version: tls123"},
- "TLS versions conflict": {tlsMin: "tls1.2", tlsMax: "tls1.1", err: "invalid maximum TLS version: tls1.1; should be at least tls1.2"},
+ "TLS versions conflict": {tlsMin: "tls1.3", tlsMax: "tls1.2", err: "invalid maximum TLS version: tls1.2; should be at least tls1.3"},
}
for name, tc := range tests {
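Review bot: Nothing in this table checks that the values this merge removes are now rejected; the only changed case swaps the conflict pair to `tls1.3`/`tls1.2`. A later change that re-adds `tls1.1` or `ssl3` to the accepted values would still pass this test. Add a case such as `"removed minimum TLS version": {tlsMin: "tls1.1", tlsMax: "", err: "invalid minimum TLS version: tls1.1"},` and a matching one for `ssl3`. The expected message is inferred from the `tls123` cases above, so check it against the validator. TestValidateTLSVersions begins and ends outside the hunk.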
diff --git a/test/acceptance/tls_test.go b/test/acceptance/tls_test.go
index 3445c6c3..20db7c6e 100644
--- a/test/acceptance/tls_test.go
+++ b/test/acceptance/tls_test.go
@@ -88,8 +88,8 @@ func TestTLSVersions(t *testing.T) {
tlsClient uint16
expectError bool
}{
- "client version not supported": {tlsMin: "tls1.1", tlsMax: "tls1.2", tlsClient: tls.VersionTLS10, expectError: true},
- "client version supported": {tlsMin: "tls1.1", tlsMax: "tls1.2", tlsClient: tls.VersionTLS12, expectError: false},
+ "client version not supported": {tlsMin: "tls1.2", tlsMax: "tls1.3", tlsClient: tls.VersionTLS10, expectError: true},
+ "client version supported": {tlsMin: "tls1.2", tlsMax: "tls1.3", tlsClient: tls.VersionTLS12, expectError: false},
"client and server using default settings": {tlsMin: "", tlsMax: "", tlsClient: 0, expectError: false},
}
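Review bot: The rejection case still uses a TLS 1.0 client, two versions below the new `tls1.2` minimum, so the boundary this merge moves is not exercised. Add `"client one version below minimum": {tlsMin: "tls1.2", tlsMax: "tls1.3", tlsClient: tls.VersionTLS11, expectError: true},` so a TLS 1.1 handshake is shown to fail. The "client and server using default settings" case, with `tlsClient: 0`, only shows that a handshake succeeds; it does not show which versions the default configuration refuses. TestTLSVersions begins and continues outside the hunk.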