/
defaults.cr
122 lines (116 loc) · 4.78 KB
/
defaults.cr
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# THIS FILE WAS AUTOMATICALLY GENERATED BY script/ssl_server_defaults.cr
# on 2020-10-09 20:33:59 UTC.
abstract class OpenSSL::SSL::Context
# The list of secure ciphers on **modern** compatibility level as per Mozilla
# recommendations.
#
# The oldest clients supported by this configuration are:
# * Firefox 63
# * Android 10.0
# * Chrome 70
# * Edge 75
# * Java 11
# * OpenSSL 1.1.1
# * Opera 57
# * Safari 12.1
#
# This list represents version 5.6 of the modern configuration
# available at https://ssl-config.mozilla.org/guidelines/5.6.json.
#
# See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
CIPHERS_MODERN = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
# The list of secure ciphersuites on **modern** compatibility level as per Mozilla
# recommendations.
#
# The oldest clients supported by this configuration are:
# * Firefox 63
# * Android 10.0
# * Chrome 70
# * Edge 75
# * Java 11
# * OpenSSL 1.1.1
# * Opera 57
# * Safari 12.1
#
# This list represents version 5.6 of the modern configuration
# available at https://ssl-config.mozilla.org/guidelines/5.6.json.
#
# See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
CIPHER_SUITES_MODERN = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
# The list of secure ciphers on **intermediate** compatibility level as per Mozilla
# recommendations.
#
# The oldest clients supported by this configuration are:
# * Firefox 27
# * Android 4.4.2
# * Chrome 31
# * Edge
# * IE 11 on Windows 7
# * Java 8u31
# * OpenSSL 1.0.1
# * Opera 20
# * Safari 9
#
# This list represents version 5.6 of the intermediate configuration
# available at https://ssl-config.mozilla.org/guidelines/5.6.json.
#
# See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
CIPHERS_INTERMEDIATE = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
# The list of secure ciphersuites on **intermediate** compatibility level as per Mozilla
# recommendations.
#
# The oldest clients supported by this configuration are:
# * Firefox 27
# * Android 4.4.2
# * Chrome 31
# * Edge
# * IE 11 on Windows 7
# * Java 8u31
# * OpenSSL 1.0.1
# * Opera 20
# * Safari 9
#
# This list represents version 5.6 of the intermediate configuration
# available at https://ssl-config.mozilla.org/guidelines/5.6.json.
#
# See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
CIPHER_SUITES_INTERMEDIATE = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
# The list of secure ciphers on **old** compatibility level as per Mozilla
# recommendations.
#
# The oldest clients supported by this configuration are:
# * Firefox 1
# * Android 2.3
# * Chrome 1
# * Edge 12
# * IE8 on Windows XP
# * Java 6
# * OpenSSL 0.9.8
# * Opera 5
# * Safari 1
#
# This list represents version 5.6 of the old configuration
# available at https://ssl-config.mozilla.org/guidelines/5.6.json.
#
# See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
CIPHERS_OLD = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
# The list of secure ciphersuites on **old** compatibility level as per Mozilla
# recommendations.
#
# The oldest clients supported by this configuration are:
# * Firefox 1
# * Android 2.3
# * Chrome 1
# * Edge 12
# * IE8 on Windows XP
# * Java 6
# * OpenSSL 0.9.8
# * Opera 5
# * Safari 1
#
# This list represents version 5.6 of the old configuration
# available at https://ssl-config.mozilla.org/guidelines/5.6.json.
#
# See https://wiki.mozilla.org/Security/Server_Side_TLS for details.
CIPHER_SUITES_OLD = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
end