From 11d5214a9dddad18322b3008363350ffd44327c0 Mon Sep 17 00:00:00 2001
From: Linuro <cpp@zom.bi>
Date: Mon, 2 Aug 2021 14:56:45 +0200
Subject: [PATCH 1/2] upgrade traefik to 2.4.9

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index ce50979..05b57da 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '2'
 
 services:
   proxy:
-    image: traefik:v2.3
+    image: traefik:v2.4.9
     ports:
       - "80:80"
       - "443:443"

From a33c5f308896ffae9cfe35bbba5780c1f5a8b37b Mon Sep 17 00:00:00 2001
From: Linuro <cpp@zom.bi>
Date: Mon, 2 Aug 2021 14:57:21 +0200
Subject: [PATCH 2/2] use ciphersuits per SSLlabs and BSI recommendations

---
 config/dynamic/tls.yml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/config/dynamic/tls.yml b/config/dynamic/tls.yml
index 94311c1..670e436 100644
--- a/config/dynamic/tls.yml
+++ b/config/dynamic/tls.yml
@@ -3,9 +3,7 @@ tls:
     default:
       minVersion: VersionTLS12
       cipherSuites:
-        - TLS_CHACHA20_POLY1305_SHA256
-        - TLS_AES_128_GCM_SHA256
-        - TLS_AES_256_GCM_SHA384
-        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+      - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+      - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384