author | Quentin <quentin@deuxfleurs.fr> | 2021-05-07 20:01:31 +0200 |
---|---|---|
committer | Quentin <quentin@deuxfleurs.fr> | 2021-05-07 20:01:31 +0200 |
commit | 3bb2cf9e931728f137bf756f8adfa556a476691c (patch) | |
tree | 2975f9392477e4aca2a26cff1e7e101fdb3436e6 | |
parent | 1f15d29eabc1c114537690332fda924e9aba6af4 (diff) | |
Allow only cipher suites recommended by Mozilla
Check https://ssl-config.mozilla.org/#server=traefik&version=1.7&config=intermediate&guideline=5.6
-rw-r--r-- | app/traefik/config/traefik.toml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/app/traefik/config/traefik.toml b/app/traefik/config/traefik.toml
index 4a48fde..e274be8 100644
--- a/app/traefik/config/traefik.toml
+++ b/app/traefik/config/traefik.toml
@@ -14,6 +14,15 @@ defaultEntryPoints = ["http", "https"]
 address = ":443"
 compress = true
 [entryPoints.https.tls]
+ minVersion = "VersionTLS12"
+ cipherSuites = [
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+ ]
 [ping]
 entrypoint = "admin" |
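Review bot: The pinned `cipherSuites` list under `[entryPoints.https.tls]` has no comment saying which profile it came from. The Mozilla generator URL (intermediate, guideline 5.6) is only in the commit message, so a later editor of the file cannot tell what to re-check the list against when the guideline is revised. I would add a comment above `minVersion`, for example `# Mozilla "intermediate" profile, guideline 5.6 (ssl-config.mozilla.org, server=traefik 1.7); re-check when the guideline is updated`. The restriction applies only to the `https` entry point. Whether any other entry point terminates TLS (such as the `admin` one referenced by `[ping]`) is not visible in this hunk, so confirm that each such entry point carries the same `minVersion`/`cipherSuites` block. The enclosing `[entryPoints.https]` table starts outside the hunk.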