Yet another TLS issue :D

joseftsch · January 27, 2020, 9:06pm

Hey all!

I searched the forum and tried several different suggested but could quite figure it out.
I try to disable every TLS version <= TLS 1.1 and this is what I have:

traefik.toml

[global]
  checkNewVersion = true
[log]
  level = "WARN"
[entryPoints]
  [entryPoints.web-secure]
    address = ":443"
[tls]
  [tls.options]
    [tls.options.default]
      sniStrict = true
      minVersion = "VersionTLS12"
[providers.docker]
  exposedByDefault = false
[api]
  insecure = true
[certificatesResolvers.le.acme]
  email = "admin@domain.tl"
  storage = "/acme.json"
  [certificatesResolvers.le.acme.tlsChallenge]

docker-compose.yml

version: "3.3"
services:
  traefik:
    image: "traefik:v2.1"
    container_name: "traefik"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./traefik.toml:/traefik.toml" # Traefik configuration file
      - "./acme.json:/acme.json"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  ide:
    image: containous/whoami:v1.3.0
    ports:
      - "3000:80"
    container_name: ide
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.ide.rule=Host(`sub.domain.tl`)"
      - "traefik.http.routers.ide.tls=true"
      - "traefik.http.routers.ide.tls.certresolver=le"
      - "traefik.http.routers.ide.entrypoints=web-secure"

I checked with several different tools but they all list TLS 1.0 and TLS 1.1 to be available..

Please help

daniel.tomcej · January 28, 2020, 10:30am

Hello @joseftsch,

If you want to use the tls options on your router, you have to configure it via the labels too:

https://docs.traefik.io/v2.1/routing/providers/docker/#routers

- "traefik.http.routers.ide.tls.options=default"

joseftsch · January 28, 2020, 6:27pm

Hey @daniel.tomcej

thanks for your feedback!
Tried it - but doesnt make any difference - I get the same results. TLS 1.0 and TLS 1.1 is still offered.

cheers
josef

Minikea · January 29, 2020, 4:13pm

the TLS option should be in a dynamic file, not in the static one.
see Set TLS default option with .toml file - #2 by jbd - Traefik v2 (latest) - Traefik Labs Community Forum

joseftsch · January 29, 2020, 7:24pm

That worked! Thanks a lot

pascalandy · January 29, 2020, 11:24pm

Exactly

the TLS option should be in a dynamic file, not in the static one.

Topic		Replies	Views
Disable tls .01 toml Traefik v2 docker	1	314	July 25, 2022
Disable TLS 1.0 and 1.1 Traefik v2 docker	5	11905	June 17, 2020
Unable to force VersionTLS12 Traefik v2 docker	3	1150	January 29, 2020
Traefik 2.5.2 TLS 1.0 1.1 disable Traefik v2 docker-swarm	3	2758	September 14, 2021
Force minimum TLS version using CLI or labels Traefik v2 docker , cli	3	5536	September 4, 2021

Yet another TLS issue :D

Related topics