From e403e55292a7fb9fc73023c075f12090b3ff6402 Mon Sep 17 00:00:00 2001
From: Jan Eitzinger <jan.eitzinger@fau.de>
Date: Fri, 17 Jun 2022 10:08:31 +0200
Subject: [PATCH] Improve crypto/tls security settings

---
 server.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server.go b/server.go
index 85cbd3f..5138a1b 100644
--- a/server.go
+++ b/server.go
@@ -446,6 +446,12 @@ func main() {
 		}
 		listener = tls.NewListener(listener, &tls.Config{
 			Certificates: []tls.Certificate{cert},
+			CipherSuites: []uint16{
+				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			},
+			MinVersion:               tls.VersionTLS12,
+			PreferServerCipherSuites: true,
 		})
 		log.Printf("HTTPS server listening at %s...", programConfig.Addr)
 	} else {