Allow only cipher suites recommended by Mozilla

Check https://ssl-config.mozilla.org/#server=traefik&version=1.7&config=intermediate&guideline=5.6
2021-05-07 20:01:31 +02:00 · 2021-05-07 20:01:31 +02:00 · 3bb2cf9e93
parent 1f15d29eab
commit 3bb2cf9e93
1 changed files with 9 additions and 0 deletions
--- a/app/traefik/config/traefik.toml
+++ b/app/traefik/config/traefik.toml
@ -14,6 +14,15 @@ defaultEntryPoints = ["http", "https"]
  address = ":443"
  compress = true
    [entryPoints.https.tls]
+    minVersion = "VersionTLS12"
+    cipherSuites = [
+      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+    ]

 [ping]
 entrypoint = "admin"