From 032671354f6582cc7778b7a48e1e1fdef4836195 Mon Sep 17 00:00:00 2001
From: Marco Argentieri <3596602+tiero@users.noreply.github.com>
Date: Tue, 7 Sep 2021 14:38:55 +0200
Subject: [PATCH] add cipher suite

---
 pkg/torproxy/torproxy.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/pkg/torproxy/torproxy.go b/pkg/torproxy/torproxy.go
index 69ed904..9c6410f 100644
--- a/pkg/torproxy/torproxy.go
+++ b/pkg/torproxy/torproxy.go
@@ -119,6 +119,17 @@ func (tp *TorProxy) Serve(address string, options *TLSOptions) error {
 			tlsConfig = &tls.Config{
 				NextProtos:   []string{"http/1.1", http2.NextProtoTLS, "h2-14"}, // h2-14 is just for compatibility. will be eventually removed.
 				Certificates: []tls.Certificate{certificate},
+				CipherSuites: []uint16{
+					tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+					tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+					tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+					tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+					tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+					tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+				},
+				PreferServerCipherSuites: true,
 			}
 		} else {