Push new build
gene1wood committed May 16, 2023
1 parent c213252 commit 2990f04
Showing 6 changed files with 336 additions and 9 deletions.
File renamed without changes.

Large diffs are not rendered by default.

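--- a/docs/guidelines/5.7.json
+++ b/docs/guidelines/5.7.json
@@ -0,0 +1,209 @@
+{
+"version": 5.7,
+"href": "https://ssl-config.mozilla.org/guidelines/5.7.json",
+"configurations": {
+"modern": {
+"certificate_curves": ["prime256v1", "secp384r1"],
+"certificate_signatures": ["ecdsa-with-SHA256", "ecdsa-with-SHA384", "ecdsa-with-SHA512"],
+"certificate_types": ["ecdsa"],
+"ciphers": {
+"caddy": [],
+"go": [],
+"iana": [],
+"openssl": []
+},
+"ciphersuites": [
+"TLS_AES_128_GCM_SHA256",
+"TLS_AES_256_GCM_SHA384",
+"TLS_CHACHA20_POLY1305_SHA256"
+],
+"dh_param_size": null,
+"ecdh_param_size": 256,
+"hsts_min_age": 63072000,
+"maximum_certificate_lifespan": 90,
+"ocsp_staple": true,
+"oldest_clients": ["Firefox 63", "Android 10.0", "Chrome 70", "Edge 75", "Java 11", "OpenSSL 1.1.1", "Opera 57", "Safari 12.1"],
+"recommended_certificate_lifespan": 90,
+"rsa_key_size": null,
+"server_preferred_order": false,
+"tls_curves": ["X25519", "prime256v1", "secp384r1"],
+"tls_versions": ["TLSv1.3"]
+},
+"intermediate": {
+"certificate_curves": ["prime256v1", "secp384r1"],
+"certificate_signatures": ["sha256WithRSAEncryption", "ecdsa-with-SHA256", "ecdsa-with-SHA384", "ecdsa-with-SHA512"],
+"certificate_types": ["ecdsa", "rsa"],
+"ciphers": {
+"caddy": [
+"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+],
+"go": [
+"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
+],
+"iana": [
+"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+],
+"openssl": [
+"ECDHE-ECDSA-AES128-GCM-SHA256",
+"ECDHE-RSA-AES128-GCM-SHA256",
+"ECDHE-ECDSA-AES256-GCM-SHA384",
+"ECDHE-RSA-AES256-GCM-SHA384",
+"ECDHE-ECDSA-CHACHA20-POLY1305",
+"ECDHE-RSA-CHACHA20-POLY1305",
+"DHE-RSA-AES128-GCM-SHA256",
+"DHE-RSA-AES256-GCM-SHA384",
+"DHE-RSA-CHACHA20-POLY1305"
+]
+},
+"ciphersuites": [
+"TLS_AES_128_GCM_SHA256",
+"TLS_AES_256_GCM_SHA384",
+"TLS_CHACHA20_POLY1305_SHA256"
+],
+"dh_param_size": 2048,
+"ecdh_param_size": 256,
+"hsts_min_age": 63072000,
+"maximum_certificate_lifespan": 366,
+"ocsp_staple": true,
+"oldest_clients": ["Firefox 27", "Android 4.4.2", "Chrome 31", "Edge", "IE 11 on Windows 7", "Java 8u31", "OpenSSL 1.0.1", "Opera 20", "Safari 9"],
+"recommended_certificate_lifespan": 90,
+"rsa_key_size": 2048,
+"server_preferred_order": false,
+"tls_curves": ["X25519", "prime256v1", "secp384r1"],
+"tls_versions": ["TLSv1.2", "TLSv1.3"]
+},
+"old": {
+"certificate_curves": ["prime256v1", "secp384r1"],
+"certificate_signatures": ["sha256WithRSAEncryption"],
+"certificate_types": ["rsa"],
+"ciphers": {
+"caddy": [
+"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+"TLS_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_RSA_WITH_AES_128_CBC_SHA",
+"TLS_RSA_WITH_AES_256_CBC_SHA",
+"TLS_RSA_WITH_3DES_EDE_CBC_SHA"
+],
+"go": [
+"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+"TLS_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_RSA_WITH_AES_128_CBC_SHA256",
+"TLS_RSA_WITH_AES_128_CBC_SHA",
+"TLS_RSA_WITH_AES_256_CBC_SHA",
+"TLS_RSA_WITH_3DES_EDE_CBC_SHA"
+],
+"iana": [
+"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+"TLS_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_RSA_WITH_AES_128_CBC_SHA256",
+"TLS_RSA_WITH_AES_256_CBC_SHA256",
+"TLS_RSA_WITH_AES_128_CBC_SHA",
+"TLS_RSA_WITH_AES_256_CBC_SHA",
+"TLS_RSA_WITH_3DES_EDE_CBC_SHA"
+],
+"openssl": [
+"ECDHE-ECDSA-AES128-GCM-SHA256",
+"ECDHE-RSA-AES128-GCM-SHA256",
+"ECDHE-ECDSA-AES256-GCM-SHA384",
+"ECDHE-RSA-AES256-GCM-SHA384",
+"ECDHE-ECDSA-CHACHA20-POLY1305",
+"ECDHE-RSA-CHACHA20-POLY1305",
+"DHE-RSA-AES128-GCM-SHA256",
+"DHE-RSA-AES256-GCM-SHA384",
+"DHE-RSA-CHACHA20-POLY1305",
+"ECDHE-ECDSA-AES128-SHA256",
+"ECDHE-RSA-AES128-SHA256",
+"ECDHE-ECDSA-AES128-SHA",
+"ECDHE-RSA-AES128-SHA",
+"ECDHE-ECDSA-AES256-SHA384",
+"ECDHE-RSA-AES256-SHA384",
+"ECDHE-ECDSA-AES256-SHA",
+"ECDHE-RSA-AES256-SHA",
+"DHE-RSA-AES128-SHA256",
+"DHE-RSA-AES256-SHA256",
+"AES128-GCM-SHA256",
+"AES256-GCM-SHA384",
+"AES128-SHA256",
+"AES256-SHA256",
+"AES128-SHA",
+"AES256-SHA",
+"DES-CBC3-SHA"
+]
+},
+"ciphersuites": [
+"TLS_AES_128_GCM_SHA256",
+"TLS_AES_256_GCM_SHA384",
+"TLS_CHACHA20_POLY1305_SHA256"
+],
+"dh_param_size": 1024,
+"ecdh_param_size": 256,
+"hsts_min_age": 63072000,
+"maximum_certificate_lifespan": 366,
+"ocsp_staple": true,
+"oldest_clients": ["Firefox 1", "Android 2.3", "Chrome 1", "Edge 12", "IE8 on Windows XP", "Java 6", "OpenSSL 0.9.8", "Opera 5", "Safari 1"],
+"recommended_certificate_lifespan": 90,
+"rsa_key_size": 2048,
+"server_preferred_order": true,
+"tls_curves": ["X25519", "prime256v1", "secp384r1"],
+"tls_versions": ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
+}
+}
+}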
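Review bot: The `caddy` list under `configurations.old.ciphers` has no `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` entry, although the `go`, `iana` and `openssl` lists of the same profile carry the equivalent suite and `intermediate.ciphers.caddy` lists it as well. If this is an omission rather than a deliberate choice, a Caddy configuration built from the `old` profile with an RSA certificate (the only `certificate_types` value the profile allows) would reach AES-256-GCM only through the non-forward-secret `TLS_RSA_WITH_AES_256_GCM_SHA384`. The missing line would be `"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",` placed directly after `"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",`. As `docs/` appears to be build output, the correction presumably belongs in the source guideline file, with `latest.json` regenerated from it.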
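--- a/docs/guidelines/CHANGELOG.md
+++ b/docs/guidelines/CHANGELOG.md
@@ -0,0 +1,116 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+This project doesn't adhere to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [5.7] - 2023-05-15
+
+### Changed
+
+- `intermediate` configuration in order to append `TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256`
+to the bottom of the cipher list for `iana` and `openssl`. [mozilla/server-side-tls#285](https://github.com/mozilla/server-side-tls/issues/285)
+
+## [5.6] - 2020-07-24
+
+### Added
+
+- support for caddy
+
+### Fixed
+
+- incorrect cipher ordering for the `intermediate` configuration for `go` and `iana`
+
+## [5.5] - 2020-07-22
+
+### Added
+
+- `recommended_certificate_lifespan` of 90
+
+### Changed
+
+- `maximum_certificate_lifespan` from 730 to 366
+
+## [5.4] - 2020-01-21
+
+### Changed
+
+- `intermediate` and `old` configuration's `certificate_curves` list from `null` to `prime256v1` and `secp384r1`
+- `intermediate` configuration `rsa_key_size` from 2048 to `null`
+
+## [5.3] - 2020-01-02
+
+### Changed
+
+- `intermediate` and `old` configuration's `tls_curves` list, replacing `secp256r1` with `prime256v1`
+
+## [5.2] - 2019-08-20
+
+### Added
+
+- support for `go`
+
+## [5.1] - 2019-07-16
+
+This release has breaking changes due to the renaming of some JSON keys
+
+### Added
+
+- a new `ciphers` key to contain lists of ciphers for various clients
+- support for `iana` cipherFormat, an alternative to `openssl`
+
+### Changed
+
+- the `openssl_ciphersuites` key to be called `ciphersuites`
+- the `openssl_ciphers` key to be a child of the new `ciphers` key and rename it
+from `openssl_ciphers` to `openssl`
+
+## [5.0] - 2019-06-28
+
+### Added
+
+- three `certificate_signatures` to the `intermediate` configuration : `ecdsa-with-SHA256`, `ecdsa-with-SHA384` and `ecdsa-with-SHA512`
+- the `ecdsa` `certificate_type` to the `intermediate` configuration
+- `Safari 9` to the list of `oldest_clients` for the `intermediate` configuration
+- the new `maximum_certificate_lifespan` key
+- the new `ocsp_staple` key
+- the new `server_preferred_order` key
+
+### Changed
+
+- the `ciphersuites` key, renaming it to `openssl_ciphers`
+- the `hsts_min_age` value for all configurations from 15768000 to 63072000
+- the `tls_curves` for the `intermediate` and `modern` configurations, removing `secp521r1` and
+adding `X25519` to the top
+- the `openssl_ciphersuites` key from containing a colon-delimited string to
+containing a list
+- the `tls_versions` for the `intermediate` configuration, removing `TLSv1` and `TLSv1.1` and adding `TLSv1.3`
+- the `tls_versions` for the `modern` configuration from `TLSv1.2` to `TLSv1.3`
+- the `tls_versions` for the `old` configuration, removing `SSLv3` and adding `TLSv1.3`
+- all of the `oldest_clients` in the `modern` configuration
+- and added to the list of `oldest_clients` in the `old` configuration
+- the entire order and list of `openssl_ciphers` and `openssl_ciphersuites` for all configurations. This was
+a very significant change.
+
+### Removed
+
+- `sha256WithRSAEncryption` from the `modern` `certificate_signatures` list
+- `secp521r1` from the `modern` configuration's `certificate_curves` list
+
+## [4.0] - 2016-02-13
+
+Initial version
+
+[unreleased]: https://github.com/mozilla/ssl-config-generator/compare/9e999856e19e604a06b06cfbc2e949d184c5f4d3...HEAD
+[5.7]: https://github.com/mozilla/ssl-config-generator/compare/9e999856e19e604a06b06cfbc2e949d184c5f4d3...HEAD
+[5.6]: https://github.com/mozilla/ssl-config-generator/compare/aa0718d93437a17258e92313cda708d1b209abd4...9e999856e19e604a06b06cfbc2e949d184c5f4d3
+[5.5]: https://github.com/mozilla/ssl-config-generator/compare/c48ecf5dcf43d3ed0f1f0e6a85ca1ae336984f4c...aa0718d93437a17258e92313cda708d1b209abd4
+[5.4]: https://github.com/mozilla/ssl-config-generator/compare/477459e9ebeb4ccf7e68aaad6c1c5f7c7a44174b...c48ecf5dcf43d3ed0f1f0e6a85ca1ae336984f4c
+[5.3]: https://github.com/mozilla/ssl-config-generator/compare/e3e697518ce58fd0a39d7ff7fd626a0af7abfd54...477459e9ebeb4ccf7e68aaad6c1c5f7c7a44174b
+[5.2]: https://github.com/mozilla/ssl-config-generator/compare/8e726dbbad1aec5c95e76d1f90c1b0836b9058f7...e3e697518ce58fd0a39d7ff7fd626a0af7abfd54
+[5.1]: https://github.com/mozilla/ssl-config-generator/compare/2d6ded646926e4b9ca050ba28912c144aa49df2d...8e726dbbad1aec5c95e76d1f90c1b0836b9058f7
+[5.0]: https://github.com/mozilla/ssl-config-generator/compare/03274e139fa3af3164a920b93f681e3455785516...2d6ded646926e4b9ca050ba28912c144aa49df2d
+[4.0]: https://github.com/mozilla/server-side-tls/releases/tag/v4.0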
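--- a/docs/guidelines/latest.json
+++ b/docs/guidelines/latest.json
@@ -1,6 +1,6 @@
 {
-"version": 5.6,
-"href": "https://ssl-config.mozilla.org/guidelines/5.6.json",
+"version": 5.7,
+"href": "https://ssl-config.mozilla.org/guidelines/5.7.json",
 "configurations": {
 "modern": {
 "certificate_curves": ["prime256v1", "secp384r1"],
@@ -58,7 +58,8 @@
 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
-"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
+"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
 ],
 "openssl": [
 "ECDHE-ECDSA-AES128-GCM-SHA256",
@@ -68,7 +69,8 @@
 "ECDHE-ECDSA-CHACHA20-POLY1305",
 "ECDHE-RSA-CHACHA20-POLY1305",
 "DHE-RSA-AES128-GCM-SHA256",
-"DHE-RSA-AES256-GCM-SHA384"
+"DHE-RSA-AES256-GCM-SHA384",
+"DHE-RSA-CHACHA20-POLY1305"
 ]
 },
 "ciphersuites": [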
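Review bot: The two DHE AES-GCM entries sit in opposite order in the `iana` and `openssl` lists this change extends: `iana` has `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384` before `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256`, while `openssl` has `DHE-RSA-AES128-GCM-SHA256` before `DHE-RSA-AES256-GCM-SHA384`. A consumer that renders a server configuration from one list or the other therefore gets a different preference order for what appears to be the same (`intermediate`) profile, and the mismatch is now carried into a new published version. If the `openssl` order is the intended one, the `iana` lines would read `"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",` then `"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",` ahead of the new ChaCha20 entry. The same ordering is present in `intermediate.ciphers.iana` of the added `docs/guidelines/5.7.json`; both lists begin outside the hunks shown here.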
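--- a/docs/index.html
+++ b/docs/index.html
@@ -24,7 +24,7 @@
 <link rel="shortcut icon" href="/images/favicons/favicon.ico">
 
 <title>Mozilla SSL Configuration Generator</title>
-<link href="1cc26c2306e13918bd11.index.css" rel="stylesheet"></head>
+<link href="d71c765a144fca3bbc09.index.css" rel="stylesheet"></head>
 <body>
 <div class="container pt-4">
 <div class="h2 pb-2">
@@ -339,8 +339,8 @@ <h5>Product Help</h5>
 </div>
 
 
-<div class="w-100 d-none d-md-block pr-3 pb-1 small text-right text-muted"><a class="text-secondary" href="https://github.com/mozilla/ssl-config-generator/commit/e6bc57e">build e6bc57e</a>, generated 2022-07-28</div>
+<div class="w-100 d-none d-md-block pr-3 pb-1 small text-right text-muted"><a class="text-secondary" href="https://github.com/mozilla/ssl-config-generator/commit/c213252">build c213252</a>, generated 2023-05-16</div>
 
 </footer>
-<script type="text/javascript" src="1cc26c2306e13918bd11.index.js"></script></body>
+<script type="text/javascript" src="d71c765a144fca3bbc09.index.js"></script></body>
 </html>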
