Add suggested TLSv1.2 config

2024-09-19 02:16:24 +01:00 · 2023-12-16 00:53:24 +00:00 · 2023-12-16 00:53:24 +00:00 · 822c7b570a
commit 822c7b570a
parent bc6e98db8c
1 changed files with 10 additions and 0 deletions
--- a/servers/https.go
+++ b/servers/https.go
@ -32,6 +32,16 @@ func NewHttpsServer(conf *conf.Conf) *http.Server {
 			rateLimiter.ServeHTTP(rw, req)
 		}),
 		TLSConfig: &tls.Config{
+			// Suggested by https://ssl-config.mozilla.org/#server=go&version=1.21.5&config=intermediate
+			MinVersion: tls.VersionTLS12,
+		        CipherSuites: []uint16{
+		            tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		            tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		            tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		            tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		            tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+		            tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+		        },
 			GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 				// error out on invalid domains
 				if !conf.Domains.IsValid(info.ServerName) {