Skip to content

C
caddy
Commit b6c4178f authored by Pavel Pavlenko's avatar Pavel Pavlenko
Browse files
Options

Remove ECDHE-RSA-3DES-EDE-CBC-SHA and RSA-3DES-EDE-CBC-SHA from the default TLS config

parent 41bdd775
Hide whitespace changes
Inline Side-by-side
Showing with 3 additions and 0 deletions
caddy/setup/tls.go
View file @ b6c4178f
...@@ -91,6 +91,9 @@ func SetDefaultTLSParams(c *server.Config) { ...@@ -91,6 +91,9 @@ func SetDefaultTLSParams(c *server.Config) {
// If no ciphers provided, use all that Caddy supports for the protocol // If no ciphers provided, use all that Caddy supports for the protocol
if len(c.TLS.Ciphers) == 0 { if len(c.TLS.Ciphers) == 0 {
c.TLS.Ciphers = supportedCiphers c.TLS.Ciphers = supportedCiphers
// Remove ECDHE-RSA-3DES-EDE-CBC-SHA and RSA-3DES-EDE-CBC-SHA from the default TLS config
c.TLS.Ciphers = c.TLS.Ciphers[:len(c.TLS.Ciphers)-2]
} }
// Not a cipher suite, but still important for mitigating protocol downgrade attacks // Not a cipher suite, but still important for mitigating protocol downgrade attacks
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7