Remove ECDHE-RSA-3DES-EDE-CBC-SHA and RSA-3DES-EDE-CBC-SHA from the default TLS config

2024-12-23 22:27:38 -05:00 · 2015-12-09 11:10:55 +03:00 · 2015-12-09 11:10:55 +03:00 · b6c4178f0a
commit b6c4178f0a
parent 41bdd77545
1 changed files with 3 additions and 0 deletions
--- a/caddy/setup/tls.go
+++ b/caddy/setup/tls.go
@ -91,6 +91,9 @@ func SetDefaultTLSParams(c *server.Config) {
 	// If no ciphers provided, use all that Caddy supports for the protocol
 	if len(c.TLS.Ciphers) == 0 {
 		c.TLS.Ciphers = supportedCiphers
+		
+		// Remove ECDHE-RSA-3DES-EDE-CBC-SHA and RSA-3DES-EDE-CBC-SHA from the default TLS config
+		c.TLS.Ciphers = c.TLS.Ciphers[:len(c.TLS.Ciphers)-2]
 	}

 	// Not a cipher suite, but still important for mitigating protocol downgrade attacks