# See https://doc.traefik.io/traefik/https/tls/ tls: options: # To use with the label "traefik.http.routers.myrouter.tls.options=modern@file" modern: minVersion: "VersionTLS13" # Minimum TLS Version sniStrict: true # Strict SNI Checking # To use with the label "traefik.http.routers.myrouter.tls.options=intermediate@file" intermediate: cipherSuites: - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" minVersion: "VersionTLS12" # Minimum TLS Version sniStrict: true # Strict SNI Checking # To use with the label "traefik.http.routers.myrouter.tls.options=old@file" old: cipherSuites: - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" - "TLS_RSA_WITH_AES_128_GCM_SHA256" - "TLS_RSA_WITH_AES_256_GCM_SHA384" - "TLS_RSA_WITH_AES_128_CBC_SHA256" - "TLS_RSA_WITH_AES_128_CBC_SHA" - "TLS_RSA_WITH_AES_256_CBC_SHA" - "TLS_RSA_WITH_3DES_EDE_CBC_SHA" minVersion: "TLSv1" # Minimum TLS Version sniStrict: true # Strict SNI Checking # Generated 2021-08-12, Mozilla Guideline v5.6, Traefik 2.4.8 # https://ssl-config.mozilla.org/#server=traefik&version=2.4.8&config=old&guideline=5.6 # https://ssl-config.mozilla.org/#server=traefik&version=2.4.8&config=intermediate&guideline=5.6