docker-traefik icon indicating copy to clipboard operation
docker-traefik copied to clipboard

Published 20 hours ago verified publisher icon htpcBeginner

TLS <1.2 support

Open Motophan opened this issue 4 years ago • 1 comments

https://adminsecurity.guru/traefik-v2-ssllabs-A-plus/

adding --providers.file.filename=/etc/traefik/dynamic.yml

and - "traefik.http.routers.adminsec.middlewares=secHeaders@file"

to both containers labels and traefik labels still shows a B grade on ssl labs, indicating something is overriding this configuration.

I believe this may be due to the webserver is still supplying the default traefik cert when no sni is sent to the domain. (but when sni is sent to the domain, I think it responds with correct cyphers, however, I am unsure how to test this).

Motophan avatar Jan 20 '21 10:01 Motophan

Just to confirm, I am requesting TLS 1.1 and lower be BLOCKED not supported. And known insecure cypher's disallowed.

image

Motophan avatar Jan 20 '21 10:01 Motophan