GitLab

Currently, it is not possible to specify supported TLS protocols versions. In some environments it might be required or, at least, useful. In particular, only TLSv1.3 and higher should be used for XoT.

We could model the behaviour for configuring this from e.g NGINX. It has ssl_protocols option where multiple TLS protocol versions could be specified. It could look like this:

tls some-tls {
    ...
    protocols {TLSv1.2, TLSv1.3};
    ...
};

It is going to be useful for both DoH and DoT.

The issue is a half of #2775.