May's Blog

Traefik still accepts TLS 1.0 and 1.1 by default: its TLS options allow any version from TLS 1.0 upwards unless you set a minimum yourself.

If you test such a site with SSL Labs, the grade is capped at B for exactly that reason (SSL Labs caps any server that still negotiates TLS 1.0 or 1.1 at B). So how do you fix it?

SSL dynamic configuration

This is my tls_config.yml file (the file provider below loads it as /tls_config.yml inside the container):

tls:
  options:
    mytls:
      # Refuse handshakes that carry no SNI (or an unknown name) instead of
      # answering them with the default certificate.
      sniStrict: true
      # Reject TLS 1.0 and 1.1; this is the setting that lifts the SSL Labs B cap.
      minVersion: VersionTLS12
      # Applies to TLS 1.2 only: Go fixes the TLS 1.3 suites and they cannot be
      # configured here. The GCM suites are the ones you want; the two CBC suites
      # are only there for older clients and can be dropped if you do not need them.
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      # Only the listed curves are offered, so this excludes X25519 and P-256,
      # which most modern clients prefer; keep that in mind if compatibility matters.
      curvePreferences:
        - CurveP521
        - CurveP384
    # A second, stricter option set; reference it as mintls13@file.
    mintls13:
      minVersion: VersionTLS13

This is dynamic configuration, so it is loaded through the file provider. Add the following to Traefik's static configuration (traefik.yml), and mount tls_config.yml into the Traefik container at the path given by filename:

# traefik.yml (static configuration), other settings omitted

providers:
  # other providers

  file:
    # Path inside the Traefik container; mount tls_config.yml there.
    filename: "/tls_config.yml"
    # Reload the dynamic configuration whenever the file changes.
    watch: true

# rest of configuration

Enabling TLS options

The options only take effect on routers that reference them. With the Docker provider that is a label in your docker-compose.yml (the @file suffix names the provider that defines the options):

- "traefik.http.routers.<your-router-name>.tls.options=mytls@file"

If you name the option set default instead of mytls, Traefik applies it to every TLS router that does not select another option set, and no label is needed.
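Once Traefik has reloaded the options, you can check the result locally before re-running SSL Labs. The script below is an added example and not part of the original post: it runs openssl s_client once per TLS version against the entrypoint and reports which versions complete a handshake. The host and port are placeholders, it assumes openssl 1.1.1 or newer (needed for -tls1_3), and it sends the hostname as SNI because sniStrict: true refuses handshakes without it. The two transcripts embedded at the bottom are constructed, abridged s_client output used to show what the parser keys on.

```shell
#!/bin/sh
# Added example, not part of the original post: probe a Traefik entrypoint once
# per TLS version and report which versions complete a handshake. After
# minVersion: VersionTLS12 takes effect, -tls1 and -tls1_1 must come back "refused".
# Assumes openssl 1.1.1+ (for -tls1_3); HOST and PORT are placeholders.

# openssl s_client prints a session summary even when the handshake fails, so
# the "Protocol  :" line is not a reliable signal. The line
#   New, <protocol>, Cipher is <cipher>
# is: it reads "New, (NONE), Cipher is (NONE)" when no session was established.
classify_handshake() {
  summary=$(printf '%s\n' "$1" | grep '^New, ' | head -n 1)
  case "$summary" in
    '')                        echo unknown ;;
    *'Cipher is (NONE)'*)      echo refused ;;
    'New, '*', Cipher is '*)
      proto=${summary#"New, "}; proto=${proto%%,*}
      echo "accepted $proto ${summary##*"Cipher is "}" ;;
    *)                         echo unknown ;;
  esac
}

# Probe one version. -servername matters: with sniStrict: true Traefik refuses
# a handshake that carries no SNI, which would otherwise look like a version problem.
probe_version() {   # probe_version HOST PORT FLAG   (FLAG: -tls1 -tls1_1 -tls1_2 -tls1_3)
  transcript=$(openssl s_client -connect "$1:$2" -servername "$1" "$3" </dev/null 2>&1)
  classify_handshake "$transcript"
}

# Probe all four versions, print one verdict per version and return 1 if the
# policy is violated: TLS 1.0 or 1.1 still accepted, or TLS 1.2 not accepted.
check_min_tls12() {
  host=$1 port=${2:-443} status=0
  for flag in -tls1 -tls1_1 -tls1_2 -tls1_3; do
    verdict=$(probe_version "$host" "$port" "$flag")
    printf '%-8s %s\n' "$flag" "$verdict"
    case "$flag:$verdict" in
      -tls1:accepted*|-tls1_1:accepted*) status=1 ;;   # legacy version still negotiable
      -tls1_2:accepted*) ;;
      -tls1_2:*) status=1 ;;                            # modern clients would be locked out
    esac
  done
  return $status
}

# Constructed, abridged s_client transcripts (not captured from a real server)
# showing the two shapes classify_handshake distinguishes.
SAMPLE_REFUSED='CONNECTED(00000003)
error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
New, (NONE), Cipher is (NONE)'
SAMPLE_ACCEPTED='CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit'

# Usage: sh tls_probe.sh example.com 443   (host and port are placeholders)
if [ "$#" -gt 0 ]; then
  check_min_tls12 "$1" "${2:-443}"
fi
```

Run it against the entrypoint before and after the change: before, -tls1 and -tls1_1 report accepted and the script exits 1; afterwards they report refused, -tls1_2 and -tls1_3 report the negotiated suite, and the script exits 0. Because the verdict is taken from the "New, ..., Cipher is ..." summary rather than the exit code, it also behaves the same across openssl versions.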

This is my 100DaysToOffload 2/100 post.

#Networking #Traefik #Security #100DaysToOffload