homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow PreferServerCipherSuites as a TLS Option

Browse source
This commit is contained in:
Daniel Tomcej 2020-02-12 11:06:04 -06:00 committed by GitHub
parent 94b2b6393f
commit 7c430e5c9d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 112 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

33
docs/content/https/tls.md
View file

@ -347,6 +347,39 @@ spec:
sniStrict: true
```
### Prefer Server Cipher Suites
This option allows the server to choose its most preferred cipher suite instead of the client's.
Please note that this is enabled automatically when `minVersion` or `maxVersion` are set.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
preferServerCipherSuites = true
```
```yaml tab="File (YAML)"
# Dynamic configuration
tls:
options:
default:
preferServerCipherSuites: true
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: default
namespace: default
spec:
preferServerCipherSuites: true
```
### Client Authentication (mTLS)
Traefik supports mutual authentication, through the `clientAuth` section.