May Meow

February 4, 2021

Get an A Rating With Traefik SSL

Traefik enables TLS versions below 1.2 by default (I don't know why). If you test your site with SSL Labs, you will get a B rating because of that. So how do you correct it?

SSL dynamic configuration

This is my ssl_config.yml file:

tls:
  options:
    mytls:
      sniStrict: true
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
    mintls13:
      minVersion: VersionTLS13

Update your Traefik configuration with the following so that it loads this file:

# other file configuration

providers:
  # other providers
  file:
    filename: "/tls_config.yml"
    watch: true

# rest of configuration

Enabling TLS options

To enable the configuration, add the following line to the labels in your docker-compose.yml file:

- "traefik.http.routers.<your-router-name>.tls.options=mytls@file"
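To see what `minVersion: VersionTLS12` changes without waiting for an SSL Labs scan, this added example (not from the original post) uses Go's crypto/tls, the library whose constant names the options file uses, to serve the same minimum version and cipher suites on a local test listener and probe each protocol version. The `legacy` config and all function names are assumptions of this sketch, and `sniStrict` and `curvePreferences` are left out.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// hardened mirrors minVersion and cipherSuites of the page's "mytls" option.
func hardened() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: []uint16{
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
	}}
}

// legacy is an assumed stand-in for an endpoint that still allows TLS 1.0/1.1.
func legacy() *tls.Config { return &tls.Config{MinVersion: tls.VersionTLS10} }

// probe serves cfg on a loopback test listener and reports, per protocol
// version, whether a client pinned to exactly that version can handshake.
func probe(cfg *tls.Config) map[string]bool {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = cfg
	srv.StartTLS()
	defer srv.Close()
	versions := map[string]uint16{"TLS1.0": tls.VersionTLS10, "TLS1.1": tls.VersionTLS11,
		"TLS1.2": tls.VersionTLS12, "TLS1.3": tls.VersionTLS13}
	accepted := map[string]bool{}
	for name, v := range versions {
		// Throwaway httptest certificate: skip chain checks, test only the version.
		conn, err := tls.Dial("tcp", srv.Listener.Addr().String(),
			&tls.Config{MinVersion: v, MaxVersion: v, InsecureSkipVerify: true})
		accepted[name] = err == nil
		if err == nil {
			conn.Close()
		}
	}
	return accepted
}

func main() {
	fmt.Println("legacy:  ", probe(legacy()))   // TLS1.0 and TLS1.1 accepted
	fmt.Println("hardened:", probe(hardened())) // only TLS1.2 and TLS1.3 accepted
}
```

The rejected handshakes are logged by the test server on stderr as TLS handshake errors, which is the expected result for the versions below 1.2.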

This is my 100DaysToOffload 2/100 post.
