homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Change default TLS options for more security

Browse source
This commit is contained in:
Douglas De Toni Machado 2022-09-08 05:56:08 -03:00 committed by GitHub
parent 703de5331b
commit c84378d649
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 59 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

11
pkg/tls/tlsmanager.go
View file

@ -27,6 +27,17 @@ const (
var DefaultTLSOptions = Options{
// ensure http2 enabled
ALPNProtocols: []string{"h2", "http/1.1", tlsalpn01.ACMETLS1Protocol},
MinVersion: "VersionTLS12",
CipherSuites: getCipherSuites(),
}
func getCipherSuites() []string {
gsc := tls.CipherSuites()
ciphers := make([]string, len(gsc))
for idx, cs := range gsc {
ciphers[idx] = cs.Name
}
return ciphers
}
// Manager is the TLS option/store/configuration factory.