authorJulien Vehent <julien@linuxwall.info>2016-02-23 08:11:45 -0500
committerJulien Vehent <julien@linuxwall.info>2016-02-23 08:11:45 -0500
commit76fd4d931aee018c2a6d0c871d6e0bb08d1f0651 (patch)
tree3a6922f0f5afd72694a85cc609cf264975995d51
parent79a3be2bfc6fb2450742215622c0a375041fd633 (diff)
Provide latest json configuration
-rw-r--r--Server_Side_TLS.mediawiki4
-rw-r--r--json/server-side-tls-conf.json147
2 files changed, 150 insertions, 1 deletions
diff --git a/Server_Side_TLS.mediawiki b/Server_Side_TLS.mediawiki
index 445a4bd..60294d8 100644
--- a/Server_Side_TLS.mediawiki
+++ b/Server_Side_TLS.mediawiki
@@ -207,7 +207,9 @@ You can find the recommendations above in JSON format at the address [https://st
This location is permanent and can be referenced in scripts and tools. The file is versioned and will not change, to avoid breaking tools when we update the recommendations.
-New versions will have their own URLs and will be referenced on this page.
+If you wish to point to the latest version of the recommendations, use this address: [[https://statics.tls.security.mozilla.org/server-side-tls-conf.json https://statics.tls.security.mozilla.org/server-side-tls-conf.json].
+Be advised the above will always point to the latest version and '''will not provide backward compatibility'''.
+If you use it to automatically configure your servers without review, it may break things. Prefer the version-specific files instead.
== Previous versions ==
diff --git a/json/server-side-tls-conf.json b/json/server-side-tls-conf.json
new file mode 100644
index 0000000..ef7c2a3
--- /dev/null
+++ b/json/server-side-tls-conf.json
@@ -0,0 +1,147 @@
+{
+ "href": "https://statics.tls.security.mozilla.org/server-side-tls-conf.json",
+ "configurations": {
+ "modern": {
+ "openssl_ciphersuites": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
+ "ciphersuites": [
+ "ECDHE-ECDSA-AES256-GCM-SHA384",
+ "ECDHE-RSA-AES256-GCM-SHA384",
+ "ECDHE-ECDSA-CHACHA20-POLY1305",
+ "ECDHE-RSA-CHACHA20-POLY1305",
+ "ECDHE-ECDSA-AES128-GCM-SHA256",
+ "ECDHE-RSA-AES128-GCM-SHA256",
+ "ECDHE-ECDSA-AES256-SHA384",
+ "ECDHE-RSA-AES256-SHA384",
+ "ECDHE-ECDSA-AES128-SHA256",
+ "ECDHE-RSA-AES128-SHA256"
+ ],
+ "tls_versions": ["TLSv1.2" ],
+ "tls_curves": [ "prime256v1", "secp384r1", "secp521r1" ],
+ "certificate_types": ["ecdsa"],
+ "certificate_curves": ["prime256v1", "secp384r1", "secp521r1"],
+ "certificate_signatures": ["sha256WithRSAEncryption", "ecdsa-with-SHA256", "ecdsa-with-SHA384", "ecdsa-with-SHA512"],
+ "rsa_key_size": 2048,
+ "dh_param_size": null,
+ "ecdh_param_size": 256,
+ "hsts_min_age": 15768000,
+ "oldest_clients": [ "Firefox 27", "Chrome 30", "IE 11 on Windows 7", "Edge 1", "Opera 17", "Safari 9", "Android 5.0", "Java 8"]
+ },
+ "intermediate": {
+ "openssl_ciphersuites": "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS",
+ "ciphersuites": [
+ "ECDHE-ECDSA-CHACHA20-POLY1305",
+ "ECDHE-RSA-CHACHA20-POLY1305",
+ "ECDHE-ECDSA-AES128-GCM-SHA256",
+ "ECDHE-RSA-AES128-GCM-SHA256",
+ "ECDHE-ECDSA-AES256-GCM-SHA384",
+ "ECDHE-RSA-AES256-GCM-SHA384",
+ "DHE-RSA-AES128-GCM-SHA256",
+ "DHE-RSA-AES256-GCM-SHA384",
+ "ECDHE-ECDSA-AES128-SHA256",
+ "ECDHE-RSA-AES128-SHA256",
+ "ECDHE-ECDSA-AES128-SHA",
+ "ECDHE-RSA-AES256-SHA384",
+ "ECDHE-RSA-AES128-SHA",
+ "ECDHE-ECDSA-AES256-SHA384",
+ "ECDHE-ECDSA-AES256-SHA",
+ "ECDHE-RSA-AES256-SHA",
+ "DHE-RSA-AES128-SHA256",
+ "DHE-RSA-AES128-SHA",
+ "DHE-RSA-AES256-SHA256",
+ "DHE-RSA-AES256-SHA",
+ "ECDHE-ECDSA-DES-CBC3-SHA",
+ "ECDHE-RSA-DES-CBC3-SHA",
+ "EDH-RSA-DES-CBC3-SHA",
+ "AES128-GCM-SHA256",
+ "AES256-GCM-SHA384",
+ "AES128-SHA256",
+ "AES256-SHA256",
+ "AES128-SHA",
+ "AES256-SHA",
+ "DES-CBC3-SHA"
+ ],
+ "tls_versions": ["TLSv1.2", "TLSv1.1", "TLSv1" ],
+ "tls_curves": [ "secp256r1", "secp384r1", "secp521r1" ],
+ "certificate_types": ["rsa"],
+ "certificate_curves": null,
+ "certificate_signatures": ["sha256WithRSAEncryption"],
+ "rsa_key_size": 2048,
+ "dh_param_size": 2048,
+ "ecdh_param_size": 256,
+ "hsts_min_age": 15768000,
+ "oldest_clients": [ "Firefox 1", "Chrome 1", "IE 7", "Opera 5", "Safari 1", "Windows XP IE8", "Android 2.3", "Java 7" ]
+ },
+ "old": {
+ "openssl_ciphersuites": "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP",
+ "ciphersuites": [
+ "ECDHE-ECDSA-CHACHA20-POLY1305",
+ "ECDHE-RSA-CHACHA20-POLY1305",
+ "ECDHE-RSA-AES128-GCM-SHA256",
+ "ECDHE-ECDSA-AES128-GCM-SHA256",
+ "ECDHE-RSA-AES256-GCM-SHA384",
+ "ECDHE-ECDSA-AES256-GCM-SHA384",
+ "DHE-RSA-AES128-GCM-SHA256",
+ "DHE-DSS-AES128-GCM-SHA256",
+ "DHE-DSS-AES256-GCM-SHA384",
+ "DHE-RSA-AES256-GCM-SHA384",
+ "ECDHE-RSA-AES128-SHA256",
+ "ECDHE-ECDSA-AES128-SHA256",
+ "ECDHE-RSA-AES128-SHA",
+ "ECDHE-ECDSA-AES128-SHA",
+ "ECDHE-RSA-AES256-SHA384",
+ "ECDHE-ECDSA-AES256-SHA384",
+ "ECDHE-RSA-AES256-SHA",
+ "ECDHE-ECDSA-AES256-SHA",
+ "DHE-RSA-AES128-SHA256",
+ "DHE-RSA-AES128-SHA",
+ "DHE-DSS-AES128-SHA256",
+ "DHE-RSA-AES256-SHA256",
+ "DHE-DSS-AES256-SHA",
+ "DHE-RSA-AES256-SHA",
+ "ECDHE-RSA-DES-CBC3-SHA",
+ "ECDHE-ECDSA-DES-CBC3-SHA",
+ "EDH-RSA-DES-CBC3-SHA",
+ "AES128-GCM-SHA256",
+ "AES256-GCM-SHA384",
+ "AES128-SHA256",
+ "AES256-SHA256",
+ "AES128-SHA",
+ "AES256-SHA",
+ "DHE-DSS-AES256-SHA256",
+ "DHE-DSS-AES128-SHA",
+ "DES-CBC3-SHA",
+ "DHE-RSA-CHACHA20-POLY1305",
+ "ECDHE-RSA-CAMELLIA256-SHA384",
+ "ECDHE-ECDSA-CAMELLIA256-SHA384",
+ "DHE-RSA-CAMELLIA256-SHA256",
+ "DHE-DSS-CAMELLIA256-SHA256",
+ "DHE-RSA-CAMELLIA256-SHA",
+ "DHE-DSS-CAMELLIA256-SHA",
+ "CAMELLIA256-SHA256",
+ "CAMELLIA256-SHA",
+ "ECDHE-RSA-CAMELLIA128-SHA256",
+ "ECDHE-ECDSA-CAMELLIA128-SHA256",
+ "DHE-RSA-CAMELLIA128-SHA256",
+ "DHE-DSS-CAMELLIA128-SHA256",
+ "DHE-RSA-CAMELLIA128-SHA",
+ "DHE-DSS-CAMELLIA128-SHA",
+ "CAMELLIA128-SHA256",
+ "CAMELLIA128-SHA",
+ "DHE-RSA-SEED-SHA",
+ "DHE-DSS-SEED-SHA",
+ "SEED-SHA"
+ ],
+ "tls_versions": ["TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3" ],
+ "tls_curves": [ "secp256r1", "secp384r1", "secp521r1" ],
+ "certificate_types": ["rsa"],
+ "certificate_curves": null,
+ "certificate_signatures": ["sha1WithRSAEncryption"],
+ "rsa_key_size": 2048,
+ "dh_param_size": 1024,
+ "ecdh_param_size": 160,
+ "hsts_min_age": 15768000,
+ "oldest_clients": [ "Firefox 1", "Chrome 1", "Windows XP IE 6", "Opera 4", "Safari 1", "Java 6" ]
+ }
+ },
+ "version": 4.0
+}
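Review bot: The same curve appears under two names in this file: `"prime256v1"` in the `modern` profile's `tls_curves` and `certificate_curves`, and `"secp256r1"` in the `tls_curves` of `intermediate` and `old`. A scanner or config generator that compares these strings against what a server reports will need alias handling, or it will flag a compliant server as non-compliant. Using one spelling throughout would avoid that, e.g. `"tls_curves": [ "prime256v1", "secp384r1", "secp521r1" ],` in `intermediate` and `old`. Separately, `old` sets `"ecdh_param_size": 160` while its smallest listed curve is 256 bits. It is worth confirming which value is the intended floor, since a consumer enforcing the minimum would accept weaker ECDH parameters than the curve list implies.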