From 822c7b570aab44221521d4ccdd0134c2263e98cc Mon Sep 17 00:00:00 2001
From: MrMelon54
Date: Sat, 16 Dec 2023 00:53:24 +0000
Subject: [PATCH] Add suggested TLSv1.2 config
---
 servers/https.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/servers/https.go b/servers/https.go
index a6d42a0..8a1e405 100644
--- a/servers/https.go
+++ b/servers/https.go
@@ -32,6 +32,16 @@ func NewHttpsServer(conf *conf.Conf) *http.Server {
 rateLimiter.ServeHTTP(rw, req)
 }),
 TLSConfig: &tls.Config{
+ // Suggested by https://ssl-config.mozilla.org/#server=go&version=1.21.5&config=intermediate
+ MinVersion: tls.VersionTLS12,
+ CipherSuites: []uint16{
+ tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ },
 GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 // error out on invalid domains
 if !conf.Domains.IsValid(info.ServerName) {
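Review bot: The added comment above `MinVersion` records where the values came from but not what `CipherSuites` controls in crypto/tls, so a later reader could take the list as covering every connection. The field is a list of enabled suites for TLS 1.0–1.2 only; TLS 1.3 suites are not configurable, and since Go 1.17 the order of the list is ignored. I would add `// CipherSuites is an allowlist for TLS 1.2 handshakes only; TLS 1.3 suites and the preference order are chosen by crypto/tls.` above the `CipherSuites:` line. Because the list is pinned, it no longer follows changes to Go's defaults and should be re-checked when the toolchain is upgraded. The `NewHttpsServer` body starts before and continues past this hunk.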