
Allow configurable HTTPS SSL/TLS version(#4451)

spacetourist 7 years ago
parent
commit
0a6ceabb9b
3 changed files with 21 additions and 3 deletions
  1. 14 1
      cmd/web.go
  2. 5 2
      conf/app.ini
  3. 2 0
      pkg/setting/setting.go

+ 14 - 1
cmd/web.go

@@ -672,8 +672,21 @@ func runWeb(ctx *cli.Context) error {
 	case setting.SCHEME_HTTP:
 		err = http.ListenAndServe(listenAddr, m)
 	case setting.SCHEME_HTTPS:
+		var tlsMinVersion uint16
+		switch setting.TLSMinVersion {
+		case "SSL30":
+			tlsMinVersion = tls.VersionSSL30
+		case "TLS12":
+			tlsMinVersion = tls.VersionTLS12
+		case "TLS11":
+			tlsMinVersion = tls.VersionTLS11
+		case "TLS10":
+			fallthrough
+		default:
+			tlsMinVersion = tls.VersionTLS10
+		}
 		server := &http.Server{Addr: listenAddr, TLSConfig: &tls.Config{
-			MinVersion:               tls.VersionTLS10,
+			MinVersion:               tlsMinVersion,
 			CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 			PreferServerCipherSuites: true,
 			CipherSuites: []uint16{
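Review bot: The `default` arm of the new switch silently maps any unrecognized `TLS_MIN_VERSION` value (a typo such as `TLS1.2`, or an empty key) to TLS 1.0, so a misconfiguration lowers the minimum protocol version instead of being reported; since `runWeb` already returns an error, the unknown case can fail instead, e.g. `default: return fmt.Errorf("unsupported TLS_MIN_VERSION %q", setting.TLSMinVersion)` (assuming `fmt` is imported in this file) with `case "TLS10":` assigning `tls.VersionTLS10` explicitly rather than via `fallthrough`. The `SSL30` arm lets an operator re-enable SSL 3.0, which the previous hard-coded `tls.VersionTLS10` floor deliberately excluded, and the sample comment added in conf/app.ini presents it as an ordinary allowed value; consider dropping that arm, or at least logging a warning when it is selected and stating in the app.ini comment that anything other than the listed values falls back to TLS10. The enclosing `runWeb` function starts before and ends after this hunk.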

+ 5 - 2
conf/app.ini

@@ -56,6 +56,9 @@ DISABLE_ROUTER_LOG = false
 ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
 CERT_FILE = custom/https/cert.pem
 KEY_FILE = custom/https/key.pem
+; Allowed TLS version values: SSL30, TLS10, TLS11, TLS12
+TLS_MIN_VERSION = TLS10
+
 ; Upper level of template and static file path
 ; default is the path where Gogs is executed
 STATIC_ROOT_PATH =
@@ -148,7 +151,7 @@ ANGLED_QUOTES = true
 
 [http]
 ; Value for Access-Control-Allow-Origin header, default is not to present
-ACCESS_CONTROL_ALLOW_ORIGIN = 
+ACCESS_CONTROL_ALLOW_ORIGIN =
 
 ; Define allowed algorithms and their minimum key length (use -1 to disable a type)
 [ssh.minimum_key_sizes]
@@ -346,7 +349,7 @@ MAX_DAYS = 7
 ; leave empty to inherit
 LEVEL =
 ; Webhook URL
-URL = 
+URL =
 
 [log.xorm]
 ; Enable file rotation

+ 2 - 0
pkg/setting/setting.go

@@ -69,6 +69,7 @@ var (
 	OfflineMode          bool
 	DisableRouterLog     bool
 	CertFile, KeyFile    string
+	TLSMinVersion        string
 	StaticRootPath       string
 	EnableGzip           bool
 	LandingPageURL       LandingPage
@@ -438,6 +439,7 @@ func NewContext() {
 		Protocol = SCHEME_HTTPS
 		CertFile = sec.Key("CERT_FILE").String()
 		KeyFile = sec.Key("KEY_FILE").String()
+		TLSMinVersion = sec.Key("TLS_MIN_VERSION").String()
 	} else if sec.Key("PROTOCOL").String() == "fcgi" {
 		Protocol = SCHEME_FCGI
 	} else if sec.Key("PROTOCOL").String() == "unix" {
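Review bot: The new `TLSMinVersion` assignment stores the raw string from the ini file without any validation, so a wrong value is only noticed when the HTTPS listener is configured in cmd/web.go rather than at configuration load like the surrounding settings. The ini library used here appears to expose constrained accessors on `sec.Key(...)`; if so, `TLSMinVersion = sec.Key("TLS_MIN_VERSION").In("TLS10", []string{"SSL30", "TLS10", "TLS11", "TLS12"})` would pin the accepted set and make the TLS10 default explicit in one place (confirm `In` is available on the key type in this codebase). `NewContext` continues outside the hunk.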