################################################################
# TLS Options (https://jellyfin.org/docs/general/networking/traefik2.html#traefik-providertoml)
# toml -> yml
# 2024 updates to cipherSuites from (https://www.smarthomebeginner.com/traefik-v3-docker-compose-guide-2024/)
#
# Set secure options by disabling insecure older TLS/SSL versions
# and insecure ciphers. SNIStrict disabled leaves TLS1.0 open.
# If you have problems with older clients, you may need to relax
# these minimums. This configuration will give you an A+ SSL security
# score supporting TLS1.2 and TLS1.3
#
# Dynamic configuration
# https://doc.traefik.io/traefik/https/tls/
################################################################

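tls:
  options:
    # Named option set. It only takes effect on routers that reference it by
    # name (for example `tls-opts@file` when this file is loaded by the file
    # provider). Routers that name no TLS options use the set called
    # `default`, which this file does not define -- verify that every TLS
    # router references `tls-opts` or `mintls13`.
    tls-opts:
      # Refuse clients that send no SNI, or an SNI matching no configured
      # certificate, instead of serving the default certificate.
      sniStrict: true
      # Nothing older than TLS 1.2 is negotiated.
      minVersion: VersionTLS12
      # TLS 1.2 suites: ECDHE key exchange with AEAD ciphers only.
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        # TLS 1.3 suite names. Traefik's TLS documentation states that
        # TLS 1.3 cipher suites are not configurable, so these three entries
        # are probably informational only -- confirm for your version.
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
        - TLS_FALLBACK_SCSV  # Client is doing version fallback. See RFC 7507
      # Only these curves are offered for key exchange, in this order.
      # Clients that support neither of them will fail the handshake, so
      # this list is one of the minimums to relax for older clients.
      curvePreferences:
        - secp521r1  # CurveP521
        - secp384r1  # CurveP384
    # Second option set with a TLS 1.3 minimum. Clients limited to TLS 1.2
    # cannot connect to routers that reference it.
    mintls13:
      minVersion: VersionTLS13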