The following PR (https://github.com/keycloak/keycloak-gatekeeper/pull/449) is inspired by the idea of achieving higher scores on SSL Labs (https://blog.bracebin.com/achieving-perfect-ssl-labs-score-with-go). Even though I believe it's great to get high scores on SSL Labs, I can see some cons about this change: 1. ParseTLS() function needs to be updated for every new Golang version (https://github.com/keycloak/keycloak-gatekeeper/pull/449/files#diff-b4bda...) 2. We shouldn't support TLS 1.0, TLS 1.1 3. There's a chance that SSLv3 will be removed in Go 1.14 (https://github.com/golang/go/issues/32716) If we believe that's our desire to move forward with the idea behind this PR, probably some updates will be required. Anyways, feel free to comment on that. -- - abstractj