Use secure ciphers for TLS
The tls.Config
used to configure the Gitaly server does not specify a
cipher suite to be used. Consequently, the default cipher suite defined
by the tls
package is used which contains ciphers with known security
issues. The Go language maintains a list of cipher suites without known
security issues that can be accessed through tls.CipherSuites()
.
Explicitly configure the tls.Config
for Gitaly servers to use the list
of secure cipher suites maintained by Go.