improve ssl labs rating

main.go

@@ -32,6 +32,7 @@ func main() {
 	app := fiber.New(config)
 	app.Use(recover.New())
 	app.Use(myLogger())
+	app.Use(hsts)
 	app.Get("/", docs)
 	app.Static("/", "docs", fiber.Static{MaxAge: 3600 * 24 * 7})
 	app.Get("/dashboard", monitor.New())
@@ -41,7 +42,7 @@ func main() {
 	if tls {
 		go redirect80(config)
 		split := strings.Split(domains, ",")
-		log.Fatal(app.Listener(newListener(split...)))
+		log.Fatal(app.Listener(myListener(split...)))
 	} else {
 		port := os.Getenv("PORT")
 		if port == "" {
@@ -51,7 +52,7 @@ func main() {
 	}
 }
 
-func newListener(domains ...string) net.Listener {
+func myListener(domains ...string) net.Listener {
 	homeDir, err := os.UserHomeDir()
 	if err != nil {
 		panic(err)
@@ -67,6 +68,18 @@ func newListener(domains ...string) net.Listener {
 		NextProtos: []string{
 			"http/1.1", "acme-tls/1",
 		},
+		MinVersion: tls.VersionTLS12,
+		CipherSuites: []uint16{
+			tls.TLS_AES_128_GCM_SHA256,
+			tls.TLS_AES_256_GCM_SHA384,
+			tls.TLS_CHACHA20_POLY1305_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+		},
 	}
 	ln, err := tls.Listen("tcp", ":443", cfg)
 	if err != nil {
@@ -90,6 +103,11 @@ func myLogger() fiber.Handler {
 	return logger.New(loggerConfig)
 }
 
+func hsts(c *fiber.Ctx) error {
+	c.Set("Strict-Transport-Security", "max-age=31536000")
+	return c.Next()
+}
+
 func docs(c *fiber.Ctx) error {
 	if c.Hostname() != "privtracker.com" {
 		return c.Redirect("https://privtracker.com/", fiber.StatusMovedPermanently)