From e19a33fc1f51f1e5c287acba4c7fb9641513601d Mon Sep 17 00:00:00 2001
From: Ciprian Dorin Craciun <ciprian@volution.ro>
Date: Thu, 15 Aug 2019 10:06:06 +0300
Subject: [PATCH] [server]  Configure TLS options

---
 sources/cmd/server/server.go | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/sources/cmd/server/server.go b/sources/cmd/server/server.go
index 077e2c3..6806f1b 100644
--- a/sources/cmd/server/server.go
+++ b/sources/cmd/server/server.go
@@ -1068,7 +1068,29 @@ func main_0 () (error) {
 	}
 	
 	
-	_tlsConfig := & tls.Config {}
+	_tlsConfig := & tls.Config {
+			Certificates : nil,
+			MinVersion : tls.VersionTLS12,
+			CipherSuites : []uint16 {
+					// NOTE:  https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+					// NOTE:  TLSv1.3
+					tls.TLS_AES_128_GCM_SHA256,
+					tls.TLS_AES_256_GCM_SHA384,
+					tls.TLS_CHACHA20_POLY1305_SHA256,
+					// NOTE:  TLSv1.2
+					tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+					tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+					tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+					// NOTE:  Required for HTTP/2.
+					tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+					tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+				},
+			Renegotiation : tls.RenegotiateNever,
+			PreferServerCipherSuites : true,
+			SessionTicketsDisabled : true,
+			DynamicRecordSizingDisabled : true,
+		}
+	
 	if _certificate, _error := tls.X509KeyPair ([]byte (DefaultTlsCertificatePublic), []byte (DefaultTlsCertificatePrivate)); _error == nil {
 		_tlsConfig.Certificates = append (_tlsConfig.Certificates, _certificate)
 	} else {