Improve TLS (#15)

main.go

@@ -122,11 +122,21 @@ func getListener(proxyCert string, proxyKey string) (net.Listener, error) {
 	cert, err := tls.X509KeyPair([]byte(proxyCert), []byte(proxyKey))
 	if err != nil {
 		klog.Fatal(err)
-
 		os.Exit(1)
 	}
 
 	return tls.Listen("tcp", proxyAddr, &tls.Config{
-		Certificates: []tls.Certificate{cert},
+		Certificates:             []tls.Certificate{cert},
+		MinVersion:               tls.VersionTLS12, // Set the minimum version of TLS to 1.2
+		MaxVersion:               tls.VersionTLS13, // Set the maximum version of TLS to 1.3
+		PreferServerCipherSuites: true,
+		CipherSuites: []uint16{
+			tls.TLS_AES_256_GCM_SHA384,
+			tls.TLS_CHACHA20_POLY1305_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+		},
 	})
 }