# TLS Options 
tls:

{% if selfSignedCN is defined %}

    # use local certificate 
    certificates:
        - certFile: "/cert.pem"
          keyFile: "/cert.key"

{% endif %}

    options:
        default:
            sniStrict: true
            minVersion: "VersionTLS12"
            curvePreferences:
                - "secp521r1"
                - "secp384r1"
            cipherSuites:
                - "TLS_AES_128_GCM_SHA256"
                - "TLS_AES_256_GCM_SHA384"
                - "TLS_CHACHA20_POLY1305_SHA256"
                - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
                - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
                - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"