TLS cipher settings

What happened?

Hi, I was looking through the reference documentation. Where would I find the server-side TLS settings for Pomerium? For example, the minimum TLS version and allowed ciphers.

I don’t actually need to change the encryption settings. The Pomerium defaults are fine (TLSv1.2, strong ciphers only). But I know our SOC 2 auditor will ask to see them next year, so I may have to make them explicit.

What’s your environment like?

  • Pomerium version (retrieve with pomerium --version): 0.17.2
  • Server Operating System/Architecture/Cloud: Ubuntu 20.04

We use Envoy for TLS termination with these settings:

Thanks! I also found a helpful document under Docs → Community → Security: Security | Pomerium