1 files changed, 50 insertions, 15 deletions

diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 1a5b9ec3f02..2ad992a059c 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -379,19 +379,54 @@ production: &base
         # "start_tls" or "simple_tls". Defaults to true.
         verify_certificates: true
 
-        # Specifies the path to a file containing a PEM-format CA certificate,
-        # e.g. if you need to use an internal CA.
-        #
-        #   Example: '/etc/ca.pem'
-        #
-        ca_file: ''
-
-        # Specifies the SSL version for OpenSSL to use, if the OpenSSL default
-        # is not appropriate.
-        #
-        #   Example: 'TLSv1_1'
-        #
-        ssl_version: ''
+        # OpenSSL::SSL::SSLContext options.
+        tls_options:
+          # Specifies the path to a file containing a PEM-format CA certificate,
+          # e.g. if you need to use an internal CA.
+          #
+          #   Example: '/etc/ca.pem'
+          #
+          ca_file: ''
+
+          # Specifies the SSL version for OpenSSL to use, if the OpenSSL default
+          # is not appropriate.
+          #
+          #   Example: 'TLSv1_1'
+          #
+          ssl_version: ''
+
+          # Specific SSL ciphers to use in communication with LDAP servers.
+          #
+          # Example: 'ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2'
+          ciphers: ''
+
+          # Client certificate
+          #
+          # Example:
+          #   cert: |
+          #     -----BEGIN CERTIFICATE-----
+          #     MIIDbDCCAlSgAwIBAgIGAWkJxLmKMA0GCSqGSIb3DQEBCwUAMHcxFDASBgNVBAoTC0dvb2dsZSBJ
+          #     bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQDEwtMREFQIENsaWVudDEPMA0GA1UE
+          #     CxMGR1N1aXRlMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTAeFw0xOTAyMjAwNzE4
+          #     rntnF4d+0dd7zP3jrWkbdtoqjLDT/5D7NYRmVCD5vizV98FJ5//PIHbD1gL3a9b2MPAc6k7NV8tl
+          #     ...
+          #     4SbuJPAiJxC1LQ0t39dR6oMCAMab3hXQqhL56LrR6cRBp6Mtlphv7alu9xb/x51y2x+g2zWtsf80
+          #     Jrv/vKMsIh/sAyuogb7hqMtp55ecnKxceg==
+          #     -----END CERTIFICATE -----
+          cert: ''
+
+          # Client private key
+          #   key: |
+          #     -----BEGIN PRIVATE KEY-----
+          #     MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3DmJtLRmJGY4xU1QtI3yjvxO6
+          #     bNuyE4z1NF6Xn7VSbcAaQtavWQ6GZi5uukMo+W5DHVtEkgDwh92ySZMuJdJogFbNvJvHAayheCdN
+          #     7mCQ2UUT9jGXIbmksUn9QMeJVXTZjgJWJzPXToeUdinx9G7+lpVa62UATEd1gaI3oyL72WmpDy/C
+          #     rntnF4d+0dd7zP3jrWkbdtoqjLDT/5D7NYRmVCD5vizV98FJ5//PIHbD1gL3a9b2MPAc6k7NV8tl
+          #     ...
+          #     +9IhSYX+XIg7BZOVDeYqlPfxRvQh8vy3qjt/KUihmEPioAjLaGiihs1Fk5ctLk9A2hIUyP+sEQv9
+          #     l6RG+a/mW+0rCWn8JAd464Ps9hE=
+          #     -----END PRIVATE KEY-----
+          key: ''
 
         # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
         # a request if the LDAP server becomes unresponsive.
@@ -653,8 +688,8 @@ production: &base
     #   # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
     #   # encryption: 'AES256'
     #   # Turns on AWS Server-Side Encryption with Amazon Customer-Provided Encryption Keys for backups, this is optional
-    #   #   This should be set to the 256-bit, base64-encoded encryption key for Amazon S3 to use to encrypt or decrypt your data. 
-    #   #   'encryption' must also be set in order for this to have any effect. 
+    #   #   This should be set to the 256-bit, base64-encoded encryption key for Amazon S3 to use to encrypt or decrypt your data.
+    #   #   'encryption' must also be set in order for this to have any effect.
     #   # encryption_key: '<base64 key>'
     #   # Specifies Amazon S3 storage class to use for backups, this is optional
     #   # storage_class: 'STANDARD'