5 // DefaultTLSConfig returns a tls.Config object with system default security restrictions
6 // This is from gtank's cryptopasta defaults
7 // https://github.com/gtank/cryptopasta
8 func DefaultTLSConfig() *tls.Config {
10 // Avoids most of the memorably-named TLS attacks
11 MinVersion: tls.VersionTLS12,
12 // Causes servers to use Go's default ciphersuite preferences,
13 // which are tuned to avoid attacks. Does nothing on clients.
14 PreferServerCipherSuites: true,
15 // Only use curves which have constant-time implementations
16 CurvePreferences: []tls.CurveID{