goharbor
Expose ssl_protocols in harbor.yml to allow users to run harbor with only TLSv1.3 enabled
Is your feature request related to a problem? Please describe. We would like to run harbor with only TLSv1.3 enabled for inbound traffic to increase security in our infrastructure.
Describe the solution you'd like By default harbor allows TLSv1.2 and TLSv1.3 for inbound traffic in its nginx configuration: https://github.com/goharbor/harbor/blob/02b3561ffff7e92153793eb3e590b5f9d61ecd6a/make/photon/prepare/templates/nginx/nginx.https.conf.jinja#L65-L72
One can restrict the used ciphers by setting https.strong_ssl_ciphers but not the the protocols.
Describe the main design/architecture of your solution
A new configuration option in the harbor.yml.tmpl would be needed allowing users to decide which protocols to enable - defaulting to the current versions (TLSv1.2 and TLSv1.3). This flag would probably need to work together with strong_ssl_ciphers because the ciphers can not be used in combination with TLSv1.3 (this is an assumption, needs to be confirmed).
Describe the development plan you've considered I can create a pull request that adds this configuration option.
