Make SSL cipher suite configurable (#17440)

cmd/web_letsencrypt.go

@@ -55,6 +55,23 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 	tlsConfig := magic.TLSConfig()
 	tlsConfig.NextProtos = append(tlsConfig.NextProtos, "h2")
 
+	if version := toTLSVersion(setting.SSLMinimumVersion); version != 0 {
+		tlsConfig.MinVersion = version
+	}
+	if version := toTLSVersion(setting.SSLMaximumVersion); version != 0 {
+		tlsConfig.MaxVersion = version
+	}
+
+	// Set curve preferences
+	if curves := toCurvePreferences(setting.SSLCurvePreferences); len(curves) > 0 {
+		tlsConfig.CurvePreferences = curves
+	}
+
+	// Set cipher suites
+	if ciphers := toTLSCiphers(setting.SSLCipherSuites); len(ciphers) > 0 {
+		tlsConfig.CipherSuites = ciphers
+	}
+
 	if enableHTTPChallenge {
 		go func() {
 			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)