Allow configurable HTTPS SSL/TLS version(#4451)

author: spacetourist <guy.callum@gmail.com> 2017-05-20 13:31:25 +0100
committer: 无闻 <u@gogs.io> 2017-05-20 08:31:25 -0400
commit: 0a6ceabb9baa4f0058f4403b392b8fda845a5d5a (patch)
tree: 55d884e27212b4aec4e5b73a3e490d37fa5ac9a0 /cmd
parent: d71a8fece853911fb4702e43447da6fffd52941b (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/cmd/web.go b/cmd/web.go
index b2003be9..d9cd59c1 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -672,8 +672,21 @@ func runWeb(ctx *cli.Context) error {
 	case setting.SCHEME_HTTP:
 		err = http.ListenAndServe(listenAddr, m)
 	case setting.SCHEME_HTTPS:
+		var tlsMinVersion uint16
+		switch setting.TLSMinVersion {
+		case "SSL30":
+			tlsMinVersion = tls.VersionSSL30
+		case "TLS12":
+			tlsMinVersion = tls.VersionTLS12
+		case "TLS11":
+			tlsMinVersion = tls.VersionTLS11
+		case "TLS10":
+			fallthrough
+		default:
+			tlsMinVersion = tls.VersionTLS10
+		}
 		server := &http.Server{Addr: listenAddr, TLSConfig: &tls.Config{
-			MinVersion:               tls.VersionTLS10,
+			MinVersion:               tlsMinVersion,
 			CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 			PreferServerCipherSuites: true,
 			CipherSuites: []uint16{
author	spacetourist <guy.callum@gmail.com>	2017-05-20 13:31:25 +0100
committer	无闻 <u@gogs.io>	2017-05-20 08:31:25 -0400
commit	0a6ceabb9baa4f0058f4403b392b8fda845a5d5a (patch)
tree	55d884e27212b4aec4e5b73a3e490d37fa5ac9a0 /cmd
parent	d71a8fece853911fb4702e43447da6fffd52941b (diff)