Add suggested TLSv1.2 config

Melon 2023-12-16 00:53:24 +00:00
parent bc6e98db8c
commit 822c7b570a
Signed by: melon
GPG Key ID: 6C9D970C50D26A25


@ -32,6 +32,16 @@ func NewHttpsServer(conf *conf.Conf) *http.Server {
rateLimiter.ServeHTTP(rw, req)
}),
TLSConfig: &tls.Config{
// Suggested by https://ssl-config.mozilla.org/#server=go&version=1.21.5&config=intermediate
MinVersion: tls.VersionTLS12,
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
},
GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
// error out on invalid domains
if !conf.Domains.IsValid(info.ServerName) {
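Review bot: The `CipherSuites` list added to the `tls.Config` literal has no comment on its scope, so a later reader can take it for the complete negotiation policy. In crypto/tls this field restricts only TLS 1.0–1.2 handshakes; TLS 1.3 suites are not configurable, and since Go 1.17 the order of the list is ignored, so it acts purely as an allowlist. I would add above the field: `// Allowlist for TLS 1.2 only; TLS 1.3 suites are fixed by crypto/tls and list order is ignored (Go 1.17+).` Because the list is pinned to generator output for Go 1.21.5, it should be re-checked whenever the toolchain or the Mozilla intermediate profile changes. NewHttpsServer begins and ends outside the hunk.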