Option to disable weak ciphers

[Tembhum]

Is your feature request related to a problem? Please describe.
Weak ciphers are considered a security vulnerability.

Describe the solution you'd like
Providing users an option to specify TLS settings in order to disable weak ciphers from Harbor.

List of Weak Cipher Examples on Harbor:

1. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
2. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
3. TLS_RSA_WITH_AES_256_CBC_SHA
4. TLS_RSA_WITH_AES_128_CBC_SHA

[stonezdj]

You could disable the weak cipher by updating the
common/config/nginx.config
change ssl_ciphers

ssl_ciphers '!SHA:!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';

And restart Harbor.

BTW, do you have any document or link indicate that SHA should be removed from cipher suites?

[github-actions]

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

[github-actions]

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.