Enable TLS v1.3 in HAproxy
We are now shipping OpenSSL v1.1.1 in GitLab 12.1, and this supports TLS v1.3. We can enable this in NGINX (gitlab-org/omnibus-gitlab!3458 (merged)), but we need HAProxy to support TLS v1.3 for users to benefit on GitLab.com. I suspect this will speed up connection establishment (https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/2321).
Docs on building HAProxy with TLS v1.3: https://dnsprivacy.org/wiki/display/DP/Building+HAProxy+so+that+it+can+use+TLSv1.3
More details:
There is a PPA: https://haproxy.debian.net/#?distribution=Ubuntu&release=bionic&version=1.8