From 0093d609a4d0d34d16f51ccabe61923e44a25bba Mon Sep 17 00:00:00 2001
From: Gregor Noczinski
Date: Wed, 19 Jun 2024 13:50:13 +0200
Subject: [PATCH] Improve the TLS settings.
---
 lingress.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/lingress.go b/lingress.go
index 624c940..956fa99 100644
--- a/lingress.go
+++ b/lingress.go
@@ -208,6 +208,16 @@ func (this *Lingress) createTlsConfig() (*tls.Config, error) {
 }
 result := tls.Config{
+ MinVersion: tls.VersionTLS12,
+ CipherSuites: []uint16{
+ tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+ },
 Certificates: []tls.Certificate{},
 GetCertificate: this.resolveCertificate,
 }
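Review bot: The last entry of the new `CipherSuites` list, `tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, is the same constant as `tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305` two lines above it (the un-suffixed names are legacy aliases in crypto/tls), so the list holds six distinct suites rather than seven. I would drop the duplicate and spell both ChaCha20 entries with the current names, `tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,` and `tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,`. A short comment above the field would also help the next reader, e.g. `// Applies to TLS 1.2 only; TLS 1.3 cipher suites are not configurable in crypto/tls.`, since this allow-list does not constrain TLS 1.3 handshakes. createTlsConfig starts and ends outside the hunk, so whether anything later in the function overrides these fields is not visible here.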