From 2e985c46120d17d3cce1a1139124a2fbede80cc8 Mon Sep 17 00:00:00 2001
From: "lan.tian"
Date: Wed, 27 Aug 2025 19:01:49 +0800
Subject: [PATCH] Security: SSL Medium Strength Cipher Suites Supported

Signed-off-by: lan.tian
---
 http.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/http.go b/http.go
index 32fd62362..c89272619 100644
--- a/http.go
+++ b/http.go
@@ -75,7 +75,19 @@ func (s *Server) ServeHTTP() {
 func (s *Server) ServeHTTPS(ctx context.Context) {
 addr := s.Opts.HttpsAddress
- config := oscrypto.SecureTLSConfig(&tls.Config{})
+ tlsCipherSuites := []uint16{
+ tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+ }
+ config := oscrypto.SecureTLSConfig(&tls.Config{
+ MinVersion: tls.VersionTLS12,
+ CipherSuites: tlsCipherSuites,
+ })
+
 if config.NextProtos == nil {
 config.NextProtos = []string{"http/1.1"}
 }
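Review bot: The cipher allowlist in ServeHTTPS is an inline literal with no comment saying what it excludes or why, so a later edit could re-admit a CBC, 3DES or static-RSA suite unnoticed; hoist it to a package-level variable with a comment such as `// TLS 1.2 suites only: ECDHE key exchange with AEAD (AES-GCM, ChaCha20-Poly1305); no CBC, 3DES, RC4 or static-RSA suites.` The fix also depends on `oscrypto.SecureTLSConfig` keeping the caller's `MinVersion` and `CipherSuites`, which is not visible in this hunk, so a small test asserting both fields on the returned config would pin the behaviour. `CipherSuites` does not apply to TLS 1.3 in Go's crypto/tls, so scanner output for TLS 1.3 is unaffected by this list. The body of ServeHTTPS continues past the end of the hunk.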