Recently found https://cryptcheck.fr/

My score is relatively slow because it says that I have the following enabled:

• ECDHE-ECDSA-AES128-SHA
• ECDHE-ECDSA-AES256-SHA

The problem is, I've searched google and I can't seem to find where to define my ciphers for https. I've found documentation for if you're using Nginx / apache, but I'm using whatever webserver comes with the SearXNG docker container, and I can't seem to figure out where to even start with this.

If it helps any, I'm also using Traefik.

Edit:
After I wrote "Traefik" in this post, I decided to go google Traefik itself. I figured I had nothing to lose. And right there in the damn docs was the entries needed.

Anyone else having this issue who runs behind Traefik, open your Traefik dynamic.yml and add the following:

tls:
    options:
        default:
            sniStrict: true
            minVersion: VersionTLS12
            cipherSuites:
                - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
                - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
                - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
                - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
                - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
                - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
                - TLS_AES_128_GCM_SHA256
                - TLS_AES_256_GCM_SHA384
                - TLS_CHACHA20_POLY1305_SHA256
            curvePreferences:
                - CurveP521
                - CurveP384

This should take care of SHA-1 ciphers and getting a low score.

Another note. If you are using Traefik but also on Cloudflare, it's not so simple. Cloudflare is what controls your cipher suites. In order to rank high and get rid of the weak ciphers, you must enable TLS 1.3 only on your site through your Cloudflare account under SSL/TLS.

If you want customized TLS 1.2 cipher suites, you have to pay for Cloudflare's "Certificate Manager" service, and then you can customize what ciphers are enabled.