How to optimally configure the Go TLS server

To optimally configure your Go TLS server, use the following configuration.

&tls.Config{
  MinVersion:               tls.VersionTLS11,
  PreferServerCipherSuites: true,
  CipherSuites: []uint16{
      tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
      tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
      tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
      tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
      tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
      tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
      tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
      tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
      tls.TLS_RSA_WITH_AES_256_CBC_SHA,
      tls.TLS_RSA_WITH_AES_128_CBC_SHA,
      // if you need 3DES use these...
      // tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
      // tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
  },
}