Add tls min and max version to serversTransport in K8s provider.

pkg/server/service/transport_test.go

@@ -118,7 +118,8 @@ PtvuNc5EImfSkuPBYLBslNxtjbBvAYgacEdY+gRhn2TeIUApnND58lCWsKbNHLFZ
 ajIPbTY+Fe9OTOFTN48ujXNn
 -----END PRIVATE KEY-----`)
 
-var ciphers = []string{"TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256"}
+var cipherSuite = []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}
+var cipherSuiteName = []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}
 
 func TestKeepConnectionWhenSameConfiguration(t *testing.T) {
 	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
@@ -193,7 +194,11 @@ func TestCipherSuites(t *testing.T) {
 	cert, err := tls.X509KeyPair(LocalhostCert, LocalhostKey)
 	require.NoError(t, err)
 
-	srv.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
+	srv.TLS = &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		CipherSuites: cipherSuite,
+		MaxVersion:   tls.VersionTLS12,
+	}
 	srv.StartTLS()
 
 	transportManager := NewTransportManager(nil)
@@ -201,17 +206,8 @@ func TestCipherSuites(t *testing.T) {
 	dynamicConf := map[string]*dynamic.ServersTransport{
 		"test": {
 			ServerName:   "example.com",
-			// For TLS
 			RootCAs:      []types.FileOrContent{types.FileOrContent(LocalhostCert)},
-
+			CipherSuites: cipherSuiteName,
-			// For mTLS
-			Certificates: traefiktls.Certificates{
-				traefiktls.Certificate{
-					CertFile: types.FileOrContent(mTLSCert),
-					KeyFile:  types.FileOrContent(mTLSKey),
-				},
-			},
-			CipherSuites: ciphers,
 		},
 	}