From a1ac43f31db211a49b097ce223914d2bad2bdc64 Mon Sep 17 00:00:00 2001
From: Simon Bengtsson <SlyngDK@users.noreply.github.com>
Date: Mon, 17 Apr 2023 09:51:17 +0200
Subject: [PATCH] Adjusted tls versions and ciphers

---
 server/server.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/server/server.go b/server/server.go
index b4426e6..0d2de59 100644
--- a/server/server.go
+++ b/server/server.go
@@ -180,6 +180,15 @@ func (s *server) startHttpsServer(dataDir string) error {
 
 	httpsSrv.TLSConfig = tlsConfig
 	httpsSrv.TLSConfig.ClientAuth = tls.RequestClientCert
+	httpsSrv.TLSConfig.MinVersion = tls.VersionTLS12
+	httpsSrv.TLSConfig.CipherSuites = []uint16{
+		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		tls.TLS_AES_256_GCM_SHA384,
+		tls.TLS_CHACHA20_POLY1305_SHA256,
+	}
 
 	go func() {
 		if err := httpsSrv.ListenAndServeTLS("", ""); err != nil {