as per review and fix docs

zeripath · zeripath · commit 9369a752fa4b · 2021-10-27T17:57:48.000+01:00
Signed-off-by: Andrew Thornton &lt;art27@cantab.net&gt;
diff --git a/cmd/web_https.go b/cmd/web_https.go
@@ -22,7 +22,7 @@ func toTLSVersion(version string) uint16 {
 		return tls.VersionTLS10
 	case "tlsv1.1":
 		return tls.VersionTLS11
-	case "tlsv1.2":
+	case "tlsv1.2", "": // Set TLSv1.2 as our default
 		return tls.VersionTLS12
 	case "tlsv1.3":
 		return tls.VersionTLS13
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
@@ -52,7 +52,7 @@ RUN_MODE = ; prod
 ;PORT_TO_REDIRECT = 80
 ;;
 ;; Minimum and maximum supported TLS versions
-;SSL_MIN_VERSION=tls12
+;SSL_MIN_VERSION=TLSv1.2
 ;SSL_MAX_VERSION=
 ;;
 ;; SSL Curve Preferences
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -310,7 +310,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 
 - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
 - `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
-- `SSL_MIN_VERSION`: **tls12**: Set the minimum version of ssl support.
+- `SSL_MIN_VERSION`: **TLSv1.2**: Set the minimum version of ssl support.
 - `SSL_MAX_VERSION`: **\<empty\>**: Set the maximum version of ssl support.
 - `SSL_CURVE_PREFERENCES`: **X25519,P256**: Set the prefered curves,
 - `SSL_CIPHER_SUITES`: **ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305**: Set the preferred cipher suites.
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
@@ -622,8 +622,8 @@ func NewContext() {
 	}
 	LetsEncryptDirectory = sec.Key("LETSENCRYPT_DIRECTORY").MustString("https")
 	LetsEncryptEmail = sec.Key("LETSENCRYPT_EMAIL").MustString("")
-	SSLMinimumVersion = sec.Key("SSL_MIN_VERSION").In("tls12", []string{"tls10", "tls11", "tls12", "tls13"})
-	SSLMaximumVersion = sec.Key("SSL_MAX_VERSION").In("", []string{"tls10", "tls11", "tls12", "tls13"})
+	SSLMinimumVersion = sec.Key("SSL_MIN_VERSION").MustString("")
+	SSLMaximumVersion = sec.Key("SSL_MAX_VERSION").MustString("")
 	SSLCurvePreferences = sec.Key("SSL_CURVE_PREFERENCES").Strings(",")
 	SSLCipherSuites = sec.Key("SSL_CIPHER_SUITES").Strings(",")
 	Domain = sec.Key("DOMAIN").MustString("localhost")
