Add config flags to specify TLS versions

Introduce two new configuration options -tls-min-version and -tls-max-version to control which TLS versions will be supported by the server. Accepted values are ssl3, tls1.0, tls1.1, tls1.2, and tls1.3. Closing https://gitlab.com/gitlab-org/gitlab-pages/issues/187
author: Krasimir Angelov <kangelov@gitlab.com> 2019-05-28 12:46:50 +0300
committer: Nick Thomas <nick@gitlab.com> 2019-05-28 12:46:50 +0300
commit: 1050f11598642b017486fc655561399d3766efb5 (patch)
tree: c559fced12a012af3f680512e3869b2e4454176c /README.md
parent: ef7fff4fa64c9cb3ca57faef3f26fa59f4f51ecb (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/README.md b/README.md
index 13fe7288..7ac92ebe 100644
--- a/README.md
+++ b/README.md
@@ -226,6 +226,14 @@ to work. However, if it's running on a private network, this may allow websites
 on the public Internet to access its contents *via* your user's browsers -
 assuming they know the URL beforehand.
 
+### SSL/TLS versions
+
+GitLab Pages defaults to TLS 1.2 as the minimum supported TLS version. This can be
+configured by using the `-tls-min-version` and `-tls-max-version` options. Accepted
+values are `ssl3`, `tls1.0`, `tls1.1`, `tls1.2`, and `tls1.3` (if supported). When `tls1.3`
+is used GitLab Pages will add `tls13=1` to `GODEBUG` to enable TLS 1.3.
+See https://golang.org/src/crypto/tls/tls.go for more.
+
 ### Configuration
 
 The daemon can be configured with any combination of these methods:
author	Krasimir Angelov <kangelov@gitlab.com>	2019-05-28 12:46:50 +0300
committer	Nick Thomas <nick@gitlab.com>	2019-05-28 12:46:50 +0300
commit	1050f11598642b017486fc655561399d3766efb5 (patch)
tree	c559fced12a012af3f680512e3869b2e4454176c /README.md
parent	ef7fff4fa64c9cb3ca57faef3f26fa59f4f51ecb (diff)