Hi all,
I have an issue with TLS options applied to an entrypoint. I'm using Traefik 2.3.2.
Here is my dynamic TLS configuration file:
```yaml
tls:
  options:
    tls13:
      minVersion: "VersionTLS13"
    tls10:
      minVersion: "VersionTLS10"
      cipherSuites:
        - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
        - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
        - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
        - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
```
And here is my static configuration portion defining entrypoints:
```yaml
entryPoints:
  https:
    address: ":443"
    http:
      tls:
        options: tls13@file
```
I need to define an option for TLS1.0 for compatibility reasons on a specific environment, but in the example above I need to make it TLS1.3 only. The option seems to be applied in the Traefik dashboard, as all routers implementing the "https" entrypoint are showing `tls13@file` as the TLS option set for the route; however, an SSLLabs scan reveals that all TLS versions are accepted.
There seems to be a bug, as the TLS option is accepted by Traefik and displayed as correct in the dashboard, but somehow ignored. The only way I could have a specific TLS option applied was to set a different default TLS option for all environments.
Any help figuring this out would be greatly appreciated, thanks!
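
A local way to check which protocol versions an entrypoint actually negotiates, as an added example that is not part of the original post or of Traefik. The function names `accepts`, `scan` and `violations` are hypothetical, and the host to probe is taken from the command line.

```python
import socket
import ssl
import sys

# Traefik minVersion names mapped to Python's constants, oldest first.
VERSIONS = [
    ("VersionTLS10", ssl.TLSVersion.TLSv1),
    ("VersionTLS11", ssl.TLSVersion.TLSv1_1),
    ("VersionTLS12", ssl.TLSVersion.TLSv1_2),
    ("VersionTLS13", ssl.TLSVersion.TLSv1_3),
]

def accepts(host, port, version, sni=None, timeout=5.0):
    """True/False: a handshake pinned to one version succeeded/failed.
    None: the local TLS library cannot offer that version (inconclusive)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # only the protocol version is under test,
    ctx.verify_mode = ssl.CERT_NONE  # not the certificate chain
    try:
        # Let the client offer TLS 1.0/1.1, which modern OpenSSL blocks by default.
        ctx.set_ciphers("ALL:@SECLEVEL=0")
    except ssl.SSLError:
        pass
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except ValueError:
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # sni: a host name that a router on the entrypoint matches
            with ctx.wrap_socket(raw, server_hostname=sni or host):
                return True
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        return False

def scan(host, port=443, sni=None):
    """Probe every version; returns {"VersionTLS10": True/False/None, ...}."""
    return {name: accepts(host, port, v, sni) for name, v in VERSIONS}

def violations(results, min_version):
    """Versions the server accepted although they are below min_version."""
    order = [name for name, _ in VERSIONS]
    return [n for n in order[:order.index(min_version)] if results.get(n) is True]

if __name__ == "__main__" and len(sys.argv) > 1:
    results = scan(sys.argv[1])
    print(results)
    print("accepted below VersionTLS13:", violations(results, "VersionTLS13"))
```

Run it once with the host name used in a router rule and once with the bare IP address: Python sends no SNI for an IP literal, so the two results can differ when different TLS options apply to different host names.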