Similar to #2715 I have a high-security environment where no TLS1.0 or TLS1.1 traffic is allowed, and registry currently hardcodes the minimum TLS version.

I would like to make a PR from gregrebholz@28e69d1 if it is agreeable.

The optional config.yml argument can be specified as:

http:
  tls:
    minimumtls: tls1.2

An omitted or unrecognized string results in the same TLS1.0 support we have today, and allowed strings are in the updated docs. During startup, any modified minimum TLS version reports:

INFO[0000] restricting TLS to tls1.2 or higher go.version=go1.11.4 instance.id=f105d3fe-e11e-4b67-a4e5-148eaf395315 service=registry version=v2.7.0-5-g28e69d1e.m