From c5b9b4904e35876e1da85c41fd1b5826b64d8be4 Mon Sep 17 00:00:00 2001
From: MrMelon54
Date: Wed, 6 Dec 2023 08:38:12 +0000
Subject: [PATCH] Require minimum TLSv1.3
---
 servers/https.go | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/servers/https.go b/servers/https.go
index 3888aae..389fbfb 100644
--- a/servers/https.go
+++ b/servers/https.go
@@ -45,16 +45,7 @@ func NewHttpsServer(conf *conf.Conf, registry *prometheus.Registry) *http.Server
 Addr: conf.HttpsListen,
 Handler: hsts,
 TLSConfig: &tls.Config{
- // Suggested by https://ssl-config.mozilla.org/#server=go&version=1.21.5&config=intermediate
- MinVersion: tls.VersionTLS12,
- CipherSuites: []uint16{
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
- tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
- },
+ MinVersion: tls.VersionTLS13,
 GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 // error out on invalid domains
 if !conf.Domains.IsValid(info.ServerName) {
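Review bot: The added `MinVersion: tls.VersionTLS13,` line has no comment, whereas the removed block recorded its rationale with the Mozilla generator link, so a later reader cannot tell that dropping `CipherSuites` was deliberate. crypto/tls does not apply `CipherSuites` to TLS 1.3, so the removal itself is correct, but it is worth stating next to the field, e.g. `// TLS 1.3 only; CipherSuites is omitted because Go does not make TLS 1.3 suites configurable.` Clients limited to TLS 1.2 will now fail the handshake, which is presumably intended given the subject line but should be confirmed against any older proxies or health checkers that reach this listener. The body of NewHttpsServer starts and ends outside the hunk.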