Enable TLS v1.3 in HAproxy
We are now shipping OpenSSL v1.1.1 in GitLab 12.1, and this supports TLS v1.3. We can enable this in NGINX (gitlab-org/omnibus-gitlab!3458 (merged)), but we need HAProxy to support TLS v1.3 for users to benefit on GitLab.com. I suspect this will speed up connection establishment (#2321).
Docs on building HAProxy with TLS v1.3: https://dnsprivacy.org/wiki/display/DP/Building+HAProxy+so+that+it+can+use+TLSv1.3
@jarv @gitlab-com/gl-security/appsec any reason we shouldn't do this?