Skip to content

grpc: raise minimum TLS version to 1.2

Patrick Steinhardt requested to merge pks-grpc-tls-1.2 into master

The default minimum TLS version in Go is currently TLS 1.0. Because there are known weaknesses and vulnerabilities in both TLS 1.0 and 1.1, GitLab has announced the end of support for those versions on October 2018 already 1. But Gitaly never followed through and still accepts the old TLS versions.

Fix this by raising the minimum required TLS version to TLS 1.0 for both client- and server-side connections.

Merge request reports