From a33c5f308896ffae9cfe35bbba5780c1f5a8b37b Mon Sep 17 00:00:00 2001
From: Linuro <cpp@zom.bi>
Date: Mon, 2 Aug 2021 14:57:21 +0200
Subject: [PATCH] use ciphersuits per SSLlabs and BSI recommendations

---
 config/dynamic/tls.yml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/config/dynamic/tls.yml b/config/dynamic/tls.yml
index 94311c1..670e436 100644
--- a/config/dynamic/tls.yml
+++ b/config/dynamic/tls.yml
@@ -3,9 +3,7 @@ tls:
     default:
       minVersion: VersionTLS12
       cipherSuites:
-        - TLS_CHACHA20_POLY1305_SHA256
-        - TLS_AES_128_GCM_SHA256
-        - TLS_AES_256_GCM_SHA384
-        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+      - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+      - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384