Skip to content
Permalink
Browse files

Initial push that contains the brand new Mozilla SSL Configuration

Generator.
  • Loading branch information...
april committed May 16, 2019
0 parents commit 03274e139fa3af3164a920b93f681e3455785516
Showing with 18,763 additions and 0 deletions.
  1. +2 −0 .gitignore
  2. +44 −0 README.md
  3. +147 −0 config/server-side-tls-conf.json
  4. +157 −0 config/webpack.config.js
  5. +7,238 −0 docs/e6c81945f09d82640c33.index.css
  6. +77 −0 docs/e6c81945f09d82640c33.index.js
  7. +154 −0 docs/index.html
  8. +10,028 −0 package-lock.json
  9. +55 −0 package.json
  10. +16 −0 src/css/_bootstrap.scss
  11. +28 −0 src/css/_fonts.scss
  12. +37 −0 src/css/index.scss
  13. BIN src/fonts/open-sans-v15-latin_latin-ext-regular.woff
  14. BIN src/fonts/open-sans-v15-latin_latin-ext-regular.woff2
  15. BIN src/fonts/zilla-slab-v4-latin_latin-ext-700.woff
  16. BIN src/fonts/zilla-slab-v4-latin_latin-ext-700.woff2
  17. BIN src/fonts/zilla-slab-v4-latin_latin-ext-regular.woff
  18. BIN src/fonts/zilla-slab-v4-latin_latin-ext-regular.woff2
  19. +69 −0 src/js/configs.js
  20. +5 −0 src/js/constants.js
  21. +7 −0 src/js/helpers/includes.js
  22. +16 −0 src/js/helpers/minpatchver.js
  23. +27 −0 src/js/helpers/minver.js
  24. +19 −0 src/js/helpers/normalizever.js
  25. +3 −0 src/js/helpers/replace.js
  26. +3 −0 src/js/helpers/reverse.js
  27. +16 −0 src/js/helpers/sameminorver.js
  28. +3 −0 src/js/helpers/split.js
  29. +124 −0 src/js/index.js
  30. +42 −0 src/js/state.js
  31. +4 −0 src/js/utils.js
  32. +101 −0 src/templates/index.ejs
  33. +28 −0 src/templates/partials/apache.hbs
  34. +86 −0 src/templates/partials/awselb.hbs
  35. +28 −0 src/templates/partials/haproxy.hbs
  36. +8 −0 src/templates/partials/header.hbs
  37. +41 −0 src/templates/partials/lighttpd.hbs
  38. +7 −0 src/templates/partials/mysql.hbs
  39. +60 −0 src/templates/partials/nginx.hbs
  40. +52 −0 src/templates/partials/oraclehttp.hbs
  41. +19 −0 src/templates/partials/postfix.hbs
  42. +12 −0 src/templates/partials/postgresql.hbs
@@ -0,0 +1,2 @@
build
node_modules
@@ -0,0 +1,44 @@
# Mozilla SSL Configuration Generator

The Mozilla SSL Configuration Generator is a tool which builds configuration files to help you follow the Mozilla [Server Side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS) configuration guidelines.

## Installation

```bash
$ npm install
```

## Development

Once you've installed, you can simply run:

```bash
$ npm run watch
```

This starts a local webserver that will automatically reload your changes.

## Adding new software

There are two places that need to be updated in order to add support for a new piece of software:

`js/configs.js`, which sets the supported features for your software, and
`templates/partials/your-software.hbs`, a Handlebars.js template that mirrors your software's configuration

## Building

To publish to GitHub Pages, simply run:

```bash
$ npm run build
```

## Authors

* [April King](https://github.com/april)
* [Gene Wood](https://github.com/gene1wood)
* [Julien Vehent](https://github.com/jvehent)

## License

* Mozilla Public License Version 2.0
@@ -0,0 +1,147 @@
{
"href": "https://statics.tls.security.mozilla.org/server-side-tls-conf.json",
"configurations": {
"modern": {
"openssl_ciphersuites": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"ciphersuites": [
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA384",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256"
],
"tls_versions": ["TLSv1.2" ],
"tls_curves": [ "prime256v1", "secp384r1", "secp521r1" ],
"certificate_types": ["ecdsa"],
"certificate_curves": ["prime256v1", "secp384r1", "secp521r1"],
"certificate_signatures": ["sha256WithRSAEncryption", "ecdsa-with-SHA256", "ecdsa-with-SHA384", "ecdsa-with-SHA512"],
"rsa_key_size": 2048,
"dh_param_size": null,
"ecdh_param_size": 256,
"hsts_min_age": 15768000,
"oldest_clients": [ "Firefox 27", "Chrome 30", "IE 11 on Windows 7", "Edge 1", "Opera 17", "Safari 9", "Android 5.0", "Java 8"]
},
"intermediate": {
"openssl_ciphersuites": "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS",
"ciphersuites": [
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"DHE-RSA-AES128-GCM-SHA256",
"DHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES256-SHA384",
"ECDHE-RSA-AES128-SHA",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-ECDSA-AES256-SHA",
"ECDHE-RSA-AES256-SHA",
"DHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA",
"DHE-RSA-AES256-SHA256",
"DHE-RSA-AES256-SHA",
"ECDHE-ECDSA-DES-CBC3-SHA",
"ECDHE-RSA-DES-CBC3-SHA",
"EDH-RSA-DES-CBC3-SHA",
"AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-SHA256",
"AES256-SHA256",
"AES128-SHA",
"AES256-SHA",
"DES-CBC3-SHA"
],
"tls_versions": ["TLSv1.2", "TLSv1.1", "TLSv1" ],
"tls_curves": [ "secp256r1", "secp384r1", "secp521r1" ],
"certificate_types": ["rsa"],
"certificate_curves": null,
"certificate_signatures": ["sha256WithRSAEncryption"],
"rsa_key_size": 2048,
"dh_param_size": 2048,
"ecdh_param_size": 256,
"hsts_min_age": 15768000,
"oldest_clients": [ "Firefox 1", "Chrome 1", "IE 7", "Opera 5", "Safari 1", "Windows XP IE8", "Android 2.3", "Java 7" ]
},
"old": {
"openssl_ciphersuites": "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP",
"ciphersuites": [
"ECDHE-ECDSA-CHACHA20-POLY1305",
"ECDHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"DHE-RSA-AES128-GCM-SHA256",
"DHE-DSS-AES128-GCM-SHA256",
"DHE-DSS-AES256-GCM-SHA384",
"DHE-RSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES128-SHA256",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES256-SHA384",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA",
"ECDHE-ECDSA-AES256-SHA",
"DHE-RSA-AES128-SHA256",
"DHE-RSA-AES128-SHA",
"DHE-DSS-AES128-SHA256",
"DHE-RSA-AES256-SHA256",
"DHE-DSS-AES256-SHA",
"DHE-RSA-AES256-SHA",
"ECDHE-RSA-DES-CBC3-SHA",
"ECDHE-ECDSA-DES-CBC3-SHA",
"EDH-RSA-DES-CBC3-SHA",
"AES128-GCM-SHA256",
"AES256-GCM-SHA384",
"AES128-SHA256",
"AES256-SHA256",
"AES128-SHA",
"AES256-SHA",
"DHE-DSS-AES256-SHA256",
"DHE-DSS-AES128-SHA",
"DES-CBC3-SHA",
"DHE-RSA-CHACHA20-POLY1305",
"ECDHE-RSA-CAMELLIA256-SHA384",
"ECDHE-ECDSA-CAMELLIA256-SHA384",
"DHE-RSA-CAMELLIA256-SHA256",
"DHE-DSS-CAMELLIA256-SHA256",
"DHE-RSA-CAMELLIA256-SHA",
"DHE-DSS-CAMELLIA256-SHA",
"CAMELLIA256-SHA256",
"CAMELLIA256-SHA",
"ECDHE-RSA-CAMELLIA128-SHA256",
"ECDHE-ECDSA-CAMELLIA128-SHA256",
"DHE-RSA-CAMELLIA128-SHA256",
"DHE-DSS-CAMELLIA128-SHA256",
"DHE-RSA-CAMELLIA128-SHA",
"DHE-DSS-CAMELLIA128-SHA",
"CAMELLIA128-SHA256",
"CAMELLIA128-SHA",
"DHE-RSA-SEED-SHA",
"DHE-DSS-SEED-SHA",
"SEED-SHA"
],
"tls_versions": ["TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3" ],
"tls_curves": [ "secp256r1", "secp384r1", "secp521r1" ],
"certificate_types": ["rsa"],
"certificate_curves": null,
"certificate_signatures": ["sha1WithRSAEncryption"],
"rsa_key_size": 2048,
"dh_param_size": 1024,
"ecdh_param_size": 160,
"hsts_min_age": 15768000,
"oldest_clients": [ "Firefox 1", "Chrome 1", "Windows XP IE 6", "Opera 4", "Safari 1", "Java 6" ]
}
},
"version": 4.0
}
@@ -0,0 +1,157 @@
const constants = require('../src/js/constants.js');
const configs = require('../src/js/configs.js');

const BundleAnalyzerPlugin = require('webpack-bundle-analyzer').BundleAnalyzerPlugin;
const BrowserSyncWebpackPlugin = require('browser-sync-webpack-plugin');
const CleanWebpackPlugin = require('clean-webpack-plugin');
const CopyWebpackPlugin = require('copy-webpack-plugin');
const HtmlWebpackPlugin = require('html-webpack-plugin');
const MiniCssExtractPlugin = require('mini-css-extract-plugin');
const path = require('path');
const webpack = require('webpack');
const production = process.env.NODE_ENV === 'production';


// the many plugins used
const plugins = [
new CleanWebpackPlugin(
['build/*/*/*', 'build/*/*', 'build/*', 'docs/*/*/*', 'docs/*/*', 'docs/*'],
{
root: path.resolve(__dirname, '..'),
verbose: true
}
),
new webpack.ProvidePlugin({
jQuery: 'jquery',
$: 'jquery',
}),
new HtmlWebpackPlugin({
constants,
configs,
title: 'Mozilla SSL Configuration Generator',
template: 'src/templates/index.ejs'
}),
new CopyWebpackPlugin([
{
from: 'src/images',
to: 'images/',
flatten: false
}
]),
new MiniCssExtractPlugin({
filename: '[hash].index.css',
})
];

// either we analyze or watch
if (process.env.NODE_ENV === 'analyze') {
plugins.push(
new BundleAnalyzerPlugin({})
)
} else {
plugins.push(
new BrowserSyncWebpackPlugin({
host: 'localhost',
port: 5500,
server: {
baseDir: 'build'
}
})
)
}

module.exports = {
output: {
crossOriginLoading: 'anonymous',
library: 'SSLConfigGenerator',
libraryTarget: 'var',
path: production ? path.resolve(__dirname, '..', 'docs') : path.resolve(__dirname, '..', 'build'),
filename: '[hash].[name]'
},
entry: {
'index.js': path.resolve(__dirname, '..', 'src', 'js', 'index.js')
},
mode: production ? 'production' : 'development',
devtool: production ? undefined : 'source-map',
module: {
rules: [
{
test: /\.ejs$/,
use: {
loader: 'ejs-loader',
}
},
{
test: /\.hbs$/,
use: {
loader: 'handlebars-loader',
options: {
'helperDirs': [
path.resolve(__dirname, '..', 'src', 'js', 'helpers')
]
}
}
},
{
test: /\.js$/,
include: path.resolve(__dirname, '..', 'src'),
use: [{
loader: 'babel-loader',
options: {
babelrc: false,
plugins: [
'@babel/plugin-proposal-object-rest-spread'
],
presets: [
['@babel/preset-env', {
'targets': {
'ie': 11
},
'shippedProposals': true
}]
]
}
}]
},
{
test: /\.(sa|sc|c)ss$/,
//include: path.resolve(__dirname, '..', 'src'),
use: [{
loader: MiniCssExtractPlugin.loader
},
'css-loader',
{
loader: 'postcss-loader', // Run post css actions
options: {
plugins: function () { // post css plugins, can be exported to postcss.config.js
return [
require('precss'),
require('autoprefixer')
];
}
}
},
'sass-loader'
]},
{
test: /\.(ttf|eot|woff|woff2)$/,
use: {
loader: 'file-loader',
options: {
name: 'fonts/[name].[ext]'
}
}
},
{
test: /\.(svg)$/,
use: {
loader: 'file-loader',
options: {
name: 'img/[name].[ext]'
}
}
}
]
},
plugins: plugins,
};

0 comments on commit 03274e1

Please sign in to comment.
You can’t perform that action at this time.