Open frankgreco opened 6 years ago
TLS settings such as version and ciphersuites are a breaking change, so it would be better to opinionate the Kanali API specification and strive for an SSL Labs "A" grade. As a start, the minimum requirement in Kanali v2 could be based off of Amazon's highest security ELB TLS policy for TLSv1.2 "TLS-1-2-2017-01" as described at https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies.
Currently, there is no minimum TLS version required. Hence, the golang default is used, which is 1.0. Due to security requirements, it may be important to set the minimum version. Hence, it would be nice if this setting were configurable in Kanali.
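
The request above, as an added example that is not Kanali's code: one way a Go service can take the minimum TLS version and cipher suites from configuration while never falling back to the library default. The helper name `NewTLSConfig`, the accepted setting values, and the TLS 1.2 floor are assumptions of this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Accepted values for a hypothetical "minimum TLS version" setting.
// Anything below TLS 1.2 is refused (an assumption of this example).
var minVersions = map[string]uint16{
	"1.2": tls.VersionTLS12,
	"1.3": tls.VersionTLS13,
}

// NewTLSConfig is a hypothetical helper. An empty minVersion means TLS 1.2,
// so the library default is never relied on. suiteNames are Go cipher suite
// names; an empty list keeps Go's default suite selection.
func NewTLSConfig(minVersion string, suiteNames []string) (*tls.Config, error) {
	if minVersion == "" {
		minVersion = "1.2"
	}
	v, ok := minVersions[minVersion]
	if !ok {
		return nil, fmt.Errorf("unsupported minimum TLS version %q", minVersion)
	}
	secure := map[string]uint16{}
	for _, s := range tls.CipherSuites() { // suites Go does not flag as insecure
		secure[s.Name] = s.ID
	}
	cfg := &tls.Config{MinVersion: v}
	for _, name := range suiteNames {
		id, ok := secure[name]
		if !ok { // unknown name, or listed in tls.InsecureCipherSuites()
			return nil, fmt.Errorf("cipher suite %q is unknown or insecure", name)
		}
		cfg.CipherSuites = append(cfg.CipherSuites, id)
	}
	return cfg, nil
}

func main() {
	cfg, err := NewTLSConfig("", []string{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"})
	if err != nil {
		panic(err)
	}
	fmt.Printf("min=%#x suites=%d\n", cfg.MinVersion, len(cfg.CipherSuites))
}
```

In Go, the `CipherSuites` field only affects TLS 1.0 to 1.2 handshakes; TLS 1.3 suites are not configurable.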