diff options
author | Krasimir Angelov <kangelov@gitlab.com> | 2019-05-28 12:46:50 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2019-05-28 12:46:50 +0300 |
commit | 1050f11598642b017486fc655561399d3766efb5 (patch) | |
tree | c559fced12a012af3f680512e3869b2e4454176c /README.md | |
parent | ef7fff4fa64c9cb3ca57faef3f26fa59f4f51ecb (diff) |
Add config flags to specify TLS versions
Introduce two new configuration options -tls-min-version and
-tls-max-version to control which TLS versions will be supported by the
server. Accepted values are ssl3, tls1.0, tls1.1, tls1.2, and tls1.3.
Closing https://gitlab.com/gitlab-org/gitlab-pages/issues/187
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -226,6 +226,14 @@ to work. However, if it's running on a private network, this may allow websites on the public Internet to access its contents *via* your user's browsers - assuming they know the URL beforehand. +### SSL/TLS versions + +GitLab Pages defaults to TLS 1.2 as the minimum supported TLS version. This can be +configured by using the `-tls-min-version` and `-tls-max-version` options. Accepted +values are `ssl3`, `tls1.0`, `tls1.1`, `tls1.2`, and `tls1.3` (if supported). When `tls1.3` +is used GitLab Pages will add `tls13=1` to `GODEBUG` to enable TLS 1.3. +See https://golang.org/src/crypto/tls/tls.go for more. + ### Configuration The daemon can be configured with any combination of these methods: |