anandslab / docker-traefik

Docker media and home server stack with Docker Compose, Traefik, Swarm Mode, Google OAuth2/Authelia, and LetsEncrypt
https://www.smarthomebeginner.com/
MIT License

TLS <1.2 support #130

Open Motophan opened 3 years ago

Motophan commented 3 years ago

https://adminsecurity.guru/traefik-v2-ssllabs-A-plus/

Adding --providers.file.filename=/etc/traefik/dynamic.yml

and - "traefik.http.routers.adminsec.middlewares=secHeaders@file"

to both the containers' labels and the Traefik labels still shows a B grade on SSL Labs, indicating something is overriding this configuration.

I believe this may be because the web server is still supplying the default Traefik cert when no SNI is sent to the domain (but when SNI is sent to the domain, I think it responds with the correct ciphers; however, I am unsure how to test this).

Motophan commented 3 years ago

Just to confirm, I am requesting that TLS 1.1 and lower be BLOCKED, not supported. And known insecure ciphers disallowed.

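One way to test the SNI question raised in this issue, added here as an example (it is not code from this repository or from the linked article): offer each TLS version on its own, once with SNI and once without, and compare which handshakes the proxy accepts. The function names `probe`, `scan` and `assess` are hypothetical, and the host passed to `scan` is whatever domain your own Traefik instance serves.

```python
import socket
import ssl

VERSIONS = {"TLSv1.0": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}
LEGACY = ("TLSv1.0", "TLSv1.1")

def probe(host, port, name, send_sni, timeout=5.0):
    """Offer exactly one protocol version; return (accepted, cipher_or_error)."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE      # protocol probe only, no trust decision
        ctx.set_ciphers("ALL:@SECLEVEL=0")   # let the client offer legacy versions
        ctx.minimum_version = ctx.maximum_version = VERSIONS[name]
        with socket.create_connection((host, port), timeout=timeout) as raw:
            sni = host if send_sni else None  # None omits the SNI extension
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                return True, tls.cipher()[0]
    except (ssl.SSLError, OSError, ValueError) as exc:
        # Also reached when the local OpenSSL build cannot offer this version.
        return False, getattr(exc, "reason", None) or str(exc)

def scan(host, port=443):
    """Probe every version with and without SNI: (version, send_sni) -> accepted."""
    return {(n, s): probe(host, port, n, s)[0]
            for n in VERSIONS for s in (True, False)}

def assess(results):
    """Turn a scan() result into findings; an empty list means legacy TLS is blocked."""
    findings = []
    for name in LEGACY:
        with_sni = results.get((name, True), False)
        without = results.get((name, False), False)
        if with_sni and without:
            findings.append(f"{name} accepted with and without SNI")
        elif without:
            findings.append(f"{name} accepted only without SNI (fallback TLS config)")
        elif with_sni:
            findings.append(f"{name} accepted only with SNI (per-host TLS config)")
    modern = [results.get((n, s)) for n in ("TLSv1.2", "TLSv1.3") for s in (True, False)]
    if not any(modern):
        findings.append("no modern protocol accepted")  # host unreachable or misconfigured
    return findings
```

Run `assess(scan("your.domain.example"))` from a machine whose OpenSSL still supports TLS 1.0/1.1; if it does not, every legacy probe fails locally and the result says nothing about the server.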