Closed: joshdentremont closed 1 month ago
Looks like Traefik automatically blocks TLS 1.0 and 1.1 in newer versions, but this might still be worth merging for anyone who wants to be able to edit other Traefik options in production.
We could also use this to specify the cipher suites for increased security, which may be worth setting as a default.
Also specifying the cipher suites used. I based this on a scan using SSL Labs.
The last two ciphers show as weak, but were needed for supporting older versions of Safari and IE.
Adds a second tls.yml file for production sites so that prod and dev can have separate options.
Also sets the minimum TLS version for production to 1.2 in order to block TLS 1.0 and 1.1 on production sites.
To test this, there should be no change to dev sites, but spinning up a production site with this PR should cause TLS 1.0 and 1.1 to be disabled. You can test it using something like https://www.ssllabs.com/ssltest/index.html
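A sketch of what a production-only TLS options file can look like in Traefik's dynamic (file provider) configuration, added here as an illustration; it is not the `tls.yml` from this PR. The cipher list is an assumption: it contains only forward-secret AEAD suites and leaves out the two weak legacy ciphers mentioned above, whose names are not given on this page.

```yaml
# Constructed example, not the file from this PR.
tls:
  options:
    # "default" is used by every router that does not select another
    # named option set, so it covers all production sites at once.
    default:
      # Reject TLS 1.0 and TLS 1.1 handshakes outright.
      minVersion: VersionTLS12

      # This list only governs TLS 1.2. TLS 1.3 suites are fixed by
      # Go's crypto/tls and cannot be changed from Traefik config.
      # Assumed list: ECDHE key exchange with AEAD ciphers only.
      # Any CBC-mode suite added below for old Safari/IE clients will
      # be flagged as weak by an SSL Labs scan.
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
```

Keeping this in a file that only the production stack loads leaves dev sites on Traefik's built-in defaults, which matches the "no change to dev sites" expectation in the test notes.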