Traefik has enabled (I don’t know why) TLS < 1.2 by default. And if you try to test network with SSL Labs you will get B ranking because of that. So how to correct it?

SSL dynamic configuration

This is my ssl_config.yml file:

tls:
  options:
    mytls:
      sniStrict: true
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
    mintls13:
      minVersion: VersionTLS13

Update configuration of your traefik with folowing to load configuration

# other file configuration 

providers:
  # other providers

  file:
    filename: "/tls_config.yml"
    watch: true

# rest of configuration

Enabling TLS options

To enable configuration add following line to labels in your docker-compose.yml file

- "traefik.http.routers.<your-router-name>[email protected]"

This is my 100DaysToOffload 2/100 post.