This repository was archived by the owner on May 28, 2026. It is now read-only.
v5.8 major refresh of guidelines
- summary: first major refresh of guidelines since 2020
- remove kDHE ciphers from Intermediate and Old;
recommended ciphers for Intermediate are now all PFS with AEAD - change Old dhParamSize from 1024 to 2048 and
use ffdhe2048 instead of locally generated dhparams - remove 'go' and 'caddy' cipher list from guidelines;
instead use IANA cipher names and supportedCiphers list in
configs.js to filter ciphers supported by Go crypto/tls module - add PQC hybrid KEM X25519MLKEM768 to recommended tls_curves
for Modern, Intermediate, and Old configurations