Add tls options for ciphers

Emyrk · Emyrk · commit f9c139a9608a · 2023-11-02T16:42:06.000-05:00
diff --git a/codersdk/deployment.go b/codersdk/deployment.go
@@ -742,6 +742,28 @@ when required by your organization's security policy.`,
 			YAML:        "clientKeyFile",
 			Annotations: clibase.Annotations{}.Mark(annotationExternalProxies, "true"),
 		},
+		{
+			Name:        "TLS Ciphers",
+			Description: "Specify specific TLS ciphers that allowed to be used. See https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L53-L75.",
+			Flag:        "tls-ciphers",
+			Env:         "CODER_TLS_CIPHERS",
+			Default:     "",
+			Value:       &c.TLS.SupportedCiphers,
+			Group:       &deploymentGroupNetworkingTLS,
+			YAML:        "tlsCiphers",
+			Annotations: clibase.Annotations{}.Mark(annotationExternalProxies, "true"),
+		},
+		{
+			Name:        "TLS Allow Insecure Ciphers",
+			Description: "By default, only ciphers marked as 'secure' are allowed to be used. See https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L82-L95.",
+			Flag:        "tls-allow-insecure-ciphers",
+			Env:         "CODER_TLS_ALLOW_INSECURE_CIPHERS",
+			Default:     "false",
+			Value:       &c.TLS.AllowInsecureCiphers,
+			Group:       &deploymentGroupNetworkingTLS,
+			YAML:        "tlsAllowInsecureCiphers",
+			Annotations: clibase.Annotations{}.Mark(annotationExternalProxies, "true"),
+		},
 		// Derp settings
 		{
 			Name:        "DERP Server Enable",
