a45a32fb3e
This commit is the result of several months of discussions and maturation. It represents the state of the art in TLS configurations. It has been rebased, but the history is shown below and can be read at: https://github.com/mozilla/server-side-tls/pull/97 - V4: updated levels, added JSON - Remove DHE from modern, add ChaCha20 - prefer aes256 in modern, add ecdh size parameter - Remove TLSv1.1 from modern level - Prefer AES256-GCM to ChaCha20 in modern configuration - Recommend ECDSAWithSHA384 as cert signature in modern conf - Remove unused document signature - Change recommended curve in Modern to P256 - Convert certificate types, curves and signatures to lists to support multiple acceptable values - readd EDH-RSA-DES-CBC3-SHA to intermediate and old - Add DHE-RSA-AES256-GCM-SHA384 to intermediate level - rename json keys - Revisit old ciphersuites - Update wiki document with latest recommendations and rationales - Add paragraph on certificates switching - Remove configuration samples & cleanup some stuff - reset changes to conf generator |
||
|---|---|---|
| css | ||
| media | ||
| ssl-config-generator | ||
| LICENSE | ||
| README.md | ||
| ServerSideTLSConfigurations.json | ||
| Server_Side_TLS.mediawiki | ||
| googled0fc83731b2a2326.html | ||
README.md
Server Side TLS
Welcome to Mozilla's SSL/TLS Configuration Generator. For direct access to the generator, follow this link: https://mozilla.github.io/server-side-tls/ssl-config-generator/
This repository also contains the mediawiki source for Mozilla's Server Side TLS document at https://wiki.mozilla.org/Security/Server_Side_TLS .