author | Krasimir Angelov <kangelov@gitlab.com> | 2019-05-16 12:48:38 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2019-05-16 12:48:38 +0300 |
commit | 0d97132056ac751d2841e35466225fbff6ad727e (patch) | |
tree | 1f9cd9f7b4369cf457d56a74fe24eb5e1a273c42 /main.go | |
parent | 656dfa25f02513e2b0c489ca88887f10a72299e6 (diff) |
Disable 3DES and other insecure cipher suites
Supported cipher suites:
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Closes https://gitlab.com/gitlab-org/gitlab-pages/issues/150.
Diffstat (limited to 'main.go')
-rw-r--r-- | main.go | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -51,6 +51,7 @@ var (
 clientSecret = flag.String("auth-client-secret", "", "GitLab application Client Secret")
 redirectURI = flag.String("auth-redirect-uri", "", "GitLab application redirect URI")
 maxConns = flag.Uint("max-conns", 5000, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners")
+ insecureCiphers = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4")
 disableCrossOriginRequests = flag.Bool("disable-cross-origin-requests", false, "Disable cross-origin requests")
@@ -82,6 +83,7 @@ func configFromFlags() appConfig {
 config.LogFormat = *logFormat
 config.LogVerbose = *logVerbose
 config.MaxConns = int(*maxConns)
+ config.InsecureCiphers = *insecureCiphers
 for _, file := range []struct {
 contents *[]byte
@@ -194,6 +196,7 @@ func appMain() {
 "default-config-filename": flag.DefaultConfigFlagname,
 "disable-cross-origin-requests": *disableCrossOriginRequests,
 "domain": config.Domain,
+ "insecure-ciphers": config.InsecureCiphers,
 "listen-http": strings.Join(listenHTTP, ","),
 "listen-https": strings.Join(listenHTTPS, ","),
 "listen-proxy": strings.Join(listenProxy, ","), |
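Review bot: The help text for `insecure-ciphers` in the `var (` block does not say which default list the flag restores or that it is a downgrade meant only for legacy clients, and its mention of RC4 may be inaccurate. The default list is presumably Go's crypto/tls default; as far as I know crypto/tls has kept RC4 suites off by default for several releases, so that part is worth checking against the Go version used for the build. Suggested wording: `"Use the Go crypto/tls default cipher suites instead of the restricted list; re-enables weak suites such as 3DES, set only for legacy clients"`. The `var (` block starts and ends outside the hunk.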
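Review bot: In `appMain` the new `"insecure-ciphers"` entry is just one key among many in the startup fields map, so a weakened TLS configuration is easy to overlook in the logs. Consider a separate warning-level line when `config.InsecureCiphers` is true, emitted with whatever logger appMain already uses, with a message such as `"insecure-ciphers is enabled: TLS listeners accept Go's default cipher suites, which may include 3DES"`. That gives operators and log-based alerting one fixed string to match on. appMain's body starts and ends outside the hunk.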