package config

import "crypto/tls"

// TLSConfigFor returns a robust TLS config built from the given Config object.
//
// The settings follow https://blog.cloudflare.com/exposing-go-on-the-internet/.
// The only value read from conf is the result of conf.Certificate(), which is
// evaluated once, when the config is built.
func TLSConfigFor(conf Config) *tls.Config {
	// Key-exchange groups offered in the handshake.
	// https://safecurves.cr.yp.to/
	// NOTE(review): confirm that the reference above is the intended
	// justification for CurveP521 as well as for X25519.
	curves := []tls.CurveID{
		tls.X25519,
		tls.CurveP521,
	}

	// AEAD-only ECDHE suites. crypto/tls does not let callers configure
	// TLS 1.3 cipher suites, so with MinVersion set to TLS 1.3 below this
	// list is not consulted; it only takes effect if MinVersion is lowered.
	suites := []uint16{
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	}

	cfg := new(tls.Config)

	// Refuse every protocol version older than TLS 1.3.
	cfg.MinVersion = tls.VersionTLS13

	// Legacy field: recent Go releases ignore it and choose the suite order
	// themselves. Kept so that older toolchains still prefer the server's order.
	cfg.PreferServerCipherSuites = true

	cfg.CurvePreferences = curves
	cfg.CipherSuites = suites

	// NOTE(review): Certificate() yields a single value and no error here, so
	// any failure to load the key pair has to be dealt with inside it; verify
	// that it cannot hand back an empty certificate.
	cfg.Certificates = []tls.Certificate{conf.Certificate()}

	return cfg
}