Set minimum TLS version to use (!151) · Merge requests · GitLab.org / cluster-integration / GitLab Agent for Kubernetes

Mikhail Mazurskiy requested to merge ash2k/min-tls-version into master Nov 10, 2020

TLS versions earlier than 1.2 have known vulnerabilities, so set the minimum version to 1.2. Currently the default in Go is 1.0.

@vdesousa Are you the right person for such queries? Could you have a look please?

I wonder if we have a document somewhere that lists the accepted ciphers, TLS version, and other related things that all our applications should conform to? I believe ensuring that such policy exists and is followed across the board is important to satisfy some compliance requirements.

Set minimum TLS version to use

Merge request reports