plugpax.blogg.se - Pfs explorer rename

The use of the Old configuration with modern versions of OpenSSL may require custom builds with support for deprecated ciphers.įor services with clients that support TLS 1.3 and don't need backward compatibility, the Modern configuration provides an extremely high level of security. OpenSSL will ignore cipher suites it doesn't understand, so always use the full set of cipher suites below, in their recommended order. The ordering of cipher suites in the Old configuration is very important, as it determines the priority with which algorithms are selected.

Old : Services accessed by very old clients or libraries, such as Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8.

Intermediate : Recommended configuration for a general-purpose server.

Modern : Modern clients that support TLS 1.3, with no need for backwards compatibility.

Pick the correct configuration depending on your audience: Mozilla maintains three recommended configurations for servers using TLS. In the interests of usability and maintainability, these guidelines have been considerably simplified from the previous guidelines. Issues related to the configuration generator are maintained in their own GitHub repository. Updates to this page should be submitted to the server-side-tls repository on GitHub. Changes are reviewed and merged by the Mozilla Operations Security and Enterprise Information Security teams.

Mozilla maintains this document as a reference guide for navigating the TLS landscape, as well as a configuration generator to assist system administrators. All Mozilla websites and deployments should follow the recommendations below. The goal of this document is to help operational teams with the configuration of TLS. 1.2 Intermediate compatibility (recommended).