From 2e8767f17a81051f3c7f72029f72c863e0a17748 Mon Sep 17 00:00:00 2001
From: bagas <bagas@fossy.my.id>
Date: Thu, 1 Jan 2026 00:57:48 +0700
Subject: [PATCH] chore: upgrade TLS configuration to TLS 1.3

---
 server/tls.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/server/tls.go b/server/tls.go
index 5933026..8cc8afe 100644
--- a/server/tls.go
+++ b/server/tls.go
@@ -301,7 +301,22 @@ func (tm *tlsManager) initCertMagic() error {
 func (tm *tlsManager) getTLSConfig() *tls.Config {
 	return &tls.Config{
 		GetCertificate: tm.getCertificate,
-		MinVersion:     tls.VersionTLS12,
+		MinVersion:     tls.VersionTLS13,
+		MaxVersion:     tls.VersionTLS13,
+
+		SessionTicketsDisabled: false,
+
+		CipherSuites: []uint16{
+			tls.TLS_AES_128_GCM_SHA256,
+			tls.TLS_CHACHA20_POLY1305_SHA256,
+		},
+
+		CurvePreferences: []tls.CurveID{
+			tls.X25519,
+		},
+
+		ClientAuth: tls.NoClientCert,
+		NextProtos: nil,
 	}
 }