Get a Rating With Traefik SSL
Author: May Meow

Traefik enables TLS versions below 1.2 by default (I don’t know why).

If you test your site with SSL Labs, you will get a B rating because of that. So how do you correct it?

SSL dynamic configuration

This is my ssl_config.yml file:

tls:
  options:
    mytls:
      sniStrict: true
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
    mintls13:
      minVersion: VersionTLS13

Update your Traefik configuration with the following so that it loads this file:

# other file configuration 

providers:
  # other providers

  file:
    filename: "/tls_config.yml"
    watch: true

# rest of configuration

Enabling TLS options

To enable the configuration, add the following line to the labels in your docker-compose.yml file:

- "traefik.http.routers.<your-router-name>.tls.options=mytls@file"
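
To confirm the floor took effect without waiting for an SSL Labs scan, you can attempt a handshake pinned to each protocol version. The Go program below is an added example, not code from the original post or from Traefik: `serve` and `accepts` are hypothetical helper names, and `serve` is a local stand-in with a constructed self-signed certificate that models only the `minVersion` setting through Go's crypto/tls.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// serve starts a local, self-signed stand-in for Traefik (constructed) with the given minVersion floor.
func serve(minVersion uint16) string {
	key, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MinVersion:   minVersion, // VersionTLS12 corresponds to "minVersion: VersionTLS12" in mytls
	})
	if err != nil {
		panic(err)
	}
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go func(c net.Conn) { c.(*tls.Conn).Handshake(); c.Close() }(c)
		}
	}()
	return ln.Addr().String()
}

// accepts reports whether addr completes a handshake pinned to ver; cert checks are skipped (protocol probe only).
func accepts(addr string, ver uint16) bool {
	c, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", addr,
		&tls.Config{MinVersion: ver, MaxVersion: ver, InsecureSkipVerify: true})
	if err == nil {
		c.Close()
	}
	return err == nil
}

func main() {
	weak, hardened := serve(tls.VersionTLS10), serve(tls.VersionTLS12)
	for i, v := range []uint16{tls.VersionTLS10, tls.VersionTLS11, tls.VersionTLS12, tls.VersionTLS13} {
		fmt.Printf("TLS 1.%d  floor=1.0: %-5v  floor=1.2: %v\n", i, accepts(weak, v), accepts(hardened, v))
	}
}
```

Calling `accepts` against your own router's `host:443` after applying `mytls@file` should return false for TLS 1.0 and 1.1 and true for TLS 1.2 and 1.3.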

This is my 100DaysToOffload 2/100 post.
