mirror of
https://github.com/1f349/violet.git
synced 2024-12-26 01:06:25 +00:00
Add suggested TLSv1.2 config
This commit is contained in:
parent
bc6e98db8c
commit
822c7b570a
@ -32,6 +32,16 @@ func NewHttpsServer(conf *conf.Conf) *http.Server {
|
||||
rateLimiter.ServeHTTP(rw, req)
|
||||
}),
|
||||
TLSConfig: &tls.Config{
|
||||
// Suggested by https://ssl-config.mozilla.org/#server=go&version=1.21.5&config=intermediate
|
||||
MinVersion: tls.VersionTLS12,
|
||||
CipherSuites: []uint16{
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
||||
},
|
||||
GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||
// error out on invalid domains
|
||||
if !conf.Domains.IsValid(info.ServerName) {
|
||||
|
Loading…
Reference in New Issue
Block a user