github.com/mozilla/ssl-config-generator.git - Unnamed repository; edit this file 'description' to name the repository.
authorApril King <april@mozilla.com>2020-01-29 11:17:17 +0300
committerApril King <april@mozilla.com>2020-01-29 11:17:17 +0300
commitfd14d6f2d9a577778ca04b8389cd411cbc15345f (patch)
tree5ab684a17716685c43813bd0b8ef2eb65c7f9490
parentdb755cb5c8ce08af19673d8addbfef1d689954dc (diff)
Add better comments to top of configs, shorten URL
-rwxr-xr-xsrc/js/constants.js2
-rwxr-xr-xsrc/js/index.js18
-rw-r--r--src/js/state.js23
-rwxr-xr-xsrc/templates/index.ejs4
-rw-r--r--src/templates/partials/apache.hbs6
-rw-r--r--src/templates/partials/caddy.hbs3
-rw-r--r--src/templates/partials/dovecot.hbs3
-rw-r--r--src/templates/partials/exim.hbs3
-rw-r--r--src/templates/partials/golang.hbs3
-rw-r--r--src/templates/partials/haproxy.hbs3
-rw-r--r--src/templates/partials/lighttpd.hbs3
-rw-r--r--src/templates/partials/mysql.hbs3
-rw-r--r--src/templates/partials/nginx.hbs3
-rw-r--r--src/templates/partials/oraclehttp.hbs5
-rw-r--r--src/templates/partials/postfix.hbs3
-rw-r--r--src/templates/partials/postgresql.hbs3
-rw-r--r--src/templates/partials/proftpd.hbs3
-rw-r--r--src/templates/partials/tomcat.hbs3
-rw-r--r--src/templates/partials/traefik.hbs3
19 files changed, 65 insertions, 32 deletions
diff --git a/src/js/constants.js b/src/js/constants.js
index 2371b0f..fe5bb29 100755
--- a/src/js/constants.js
+++ b/src/js/constants.js
@@ -7,5 +7,5 @@ module.exports = {
mobileHeader: "SSL Config Generator",
title: "Mozilla SSL Configuration Generator",
url: "https://ssl-config.mozilla.org",
- validHashKeys: ["server", "server-version", "openssl-version", "config", "hsts", "ocsp"],
+ validHashKeys: ["server", "version", "server-version", "openssl", "openssl-version", "config", "hsts", "ocsp"],
};
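Review bot: `validHashKeys` now lists the old names next to the new ones, but the `guideline` key that this same commit appends to the fragment in state.js (`&guideline=${sstls.version}`) is not included. If this array is the allowlist applied when the hash is parsed back on load (not visible in this hunk), `guideline` will be silently ignored; if that is intended because it is informational only, a comment would save a future reader from "fixing" it. Suggested: `validHashKeys: ["server", "version", "server-version", "openssl", "openssl-version", "config", "hsts", "ocsp"], // legacy "*-version" names kept so old links keep working; "guideline" is emitted but not read back`.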
diff --git a/src/js/index.js b/src/js/index.js
index 23393b4..ae8e6d8 100755
--- a/src/js/index.js
+++ b/src/js/index.js
@@ -44,7 +44,7 @@ const render = async () => {
const _state = await state();
// enable and disable the appropriate fields
- $('#server-version').toggleClass('text-disabled', _state.output.hasVersions === false);
+ $('#version').toggleClass('text-disabled', _state.output.hasVersions === false);
$('#openssl-version').toggleClass('text-disabled', _state.output.usesOpenssl === false);
$('#hsts').prop('disabled', _state.output.supportsHsts === false);
$('#ocsp').prop('disabled', _state.output.supportsOcspStapling === false);
@@ -81,9 +81,17 @@ $().ready(() => {
const params = new URLSearchParams(window.location.hash.substr(1));
- // set the default server version, if we're loading and have "server" but not "server-version"
- if (params.get('server') !== null && params.get('server-version') === null) {
- $('#server-version').val(configs[params.get('server')].latestVersion);
+ // some parameters have been renamed from the old SSL Configuration Generator
+ if (params.get('server-version') !== null) {
+ params.set('version', params.get('server-version'));
+ }
+ if (params.get('openssl-version') !== null) {
+ params.set('openssl', params.get('openssl-version'));
+ }
+
+ // set the default server version, if we're loading and have "server" but not "version"
+ if (params.get('server') !== null && params.get('version') === null) {
+ $('#version').val(configs[params.get('server')].latestVersion);
}
for (let entry of params.entries()) {
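Review bot: The version defaulting on the new line `$('#version').val(configs[params.get('server')].latestVersion);` dereferences `configs[...]` without checking that the key exists, and `server` comes straight from the URL fragment of a shared link. An unknown or mistyped server name makes that expression throw a TypeError inside the ready handler, so the parameter loop that follows and anything registered after it never runs. Guard the lookup: `const server = params.get('server');` then `if (server !== null && params.get('version') === null && Object.prototype.hasOwnProperty.call(configs, server)) {`. A secondary point: when both `server-version` and `version` are present, the alias block lets the legacy key overwrite the new one, which is probably the reverse of what you want. The enclosing ready callback starts and ends outside this hunk.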
@@ -124,7 +132,7 @@ $().ready(() => {
$('.form-server').on('change', async () => {
gHaveSettingsChanged = true;
const _state = await state();
- $('#server-version').val(_state.output.latestVersion);
+ $('#version').val(_state.output.latestVersion);
render();
});
diff --git a/src/js/state.js b/src/js/state.js
index 80868e0..ba7d74a 100644
--- a/src/js/state.js
+++ b/src/js/state.js
@@ -12,18 +12,26 @@ export default async function () {
const url = new URL(document.location);
// generate the fragment
- let fragment = `server=${server}&server-version=${form['server-version'].value}`;
+ let fragment = `server=${server}&version=${form['version'].value}`;
fragment += configs[server].supportsConfigs !== false ? `&config=${config}` : '';
- fragment += configs[server].usesOpenssl !== false && form['openssl-version'].value !== configs['openssl'].latestVersion ? `&openssl-version=${form['openssl-version'].value}` : '';
+ fragment += configs[server].usesOpenssl !== false ? `&openssl=${form['openssl'].value}` : '';
fragment += configs[server].supportsHsts !== false && !form['hsts'].checked ? `&hsts=false` : '';
fragment += configs[server].supportsOcspStapling !== false && !form['ocsp'].checked ? `&ocsp=false` : '';
+ fragment += `&guideline=${sstls.version}`;
+
+ // generate the header
+ const date = new Date().toISOString().substr(0, 10);
+ let header = `generated ${date}, Mozilla Guideline v${sstls.version}, ${configs[server].name} ${form['version'].value}`;
+ header += configs[server].usesOpenssl !== false ? `, OpenSSL ${form['openssl'].value}` : '';
+ header += `, ${form['config'].value} configuration`;
+ header += configs[server].supportsHsts !== false && !form['hsts'].checked ? `, no HSTS` : '';
+ header += configs[server].supportsOcspStapling !== false && !form['ocsp'].checked ? `, no OCSP` : '';
- const date = new Date();
const link = `${url.origin}${url.pathname}#${fragment}`;
// we need to remove TLS 1.3 from the supported protocols if the software is too old
let protocols = ssc.tls_versions;
- if (minver(configs[server].tls13, form['server-version'].value) === false || minver(configs['openssl'].tls13, form['openssl-version'].value) === false) {
+ if (minver(configs[server].tls13, form['version'].value) === false || minver(configs['openssl'].tls13, form['openssl'].value) === false) {
protocols = protocols.filter(ciphers => ciphers !== 'TLSv1.3');
}
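Review bot: The fragment built on the new `let fragment = ...` line and the `&openssl=` line interpolates `form['version'].value` and `form['openssl'].value` verbatim, so a `&`, `=` or `#` typed into either text field produces a link that the templates emit and that `URLSearchParams` later parses back incorrectly. Encode each value as it is added, e.g. `let fragment = \`server=${server}&version=${encodeURIComponent(form['version'].value)}\`;` and `\`&openssl=${encodeURIComponent(form['openssl'].value)}\``. This also matters because every partial in this commit renders `output.link` with triple-stash (unescaped) Handlebars: if the rendered config is ever inserted into the page as HTML rather than text — how it is inserted is not visible here — unencoded fragment text taken from the URL would reach the DOM unescaped, whereas the new `header` string goes through the escaping `{{ }}` form. The exported function continues outside this hunk.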
@@ -39,19 +47,20 @@ export default async function () {
config: form['config'].value,
hsts: form['hsts'].checked && configs[server].supportsHsts !== false,
ocsp: form['ocsp'].checked && configs[server].supportsOcspStapling !== false,
- opensslVersion: form['openssl-version'].value,
+ opensslVersion: form['openssl'].value,
server,
serverName: document.querySelector(`label[for=server-${server}]`).innerText,
- serverVersion: form['server-version'].value,
+ serverVersion: form['version'].value,
},
output: {
ciphers,
cipherSuites: ssc.ciphersuites,
- date: date.toISOString().substr(0, 10),
+ date,
dhCommand: ssc.dh_param_size >= 2048 ? `curl ${url.origin}/ffdhe${ssc.dh_param_size}.txt` : `openssl dhparam ${ssc.dh_param_size}`,
dhParamSize: ssc.dh_param_size,
fragment,
hasVersions: configs[server].hasVersions !== false,
+ header,
hstsMaxAge: ssc.hsts_min_age,
latestVersion: configs[server].latestVersion,
link,
diff --git a/src/templates/index.ejs b/src/templates/index.ejs
index 256ed6a..765c26f 100755
--- a/src/templates/index.ejs
+++ b/src/templates/index.ejs
@@ -90,13 +90,13 @@
<div class="input-group-prepend">
<span class="input-group-text">Server Version</span>
</div>
- <input type="text" class="form-control" aria-label="Server Version" aria-described="server-version" id="server-version" value="<%= htmlWebpackPlugin.options.configs.nginx.latestVersion %>">
+ <input type="text" class="form-control" aria-label="Server Version" aria-described="version" id="version" value="<%= htmlWebpackPlugin.options.configs.nginx.latestVersion %>">
</div>
<div class="input-group mt-2">
<div class="input-group-prepend">
<span class="input-group-text">OpenSSL Version</span>
</div>
- <input type="text" class="form-control" aria-label="Server Version" aria-described="openssl-version" id="openssl-version" value="<%= htmlWebpackPlugin.options.configs.openssl.latestVersion %>">
+ <input type="text" class="form-control" aria-label="OpenSSL Version" aria-described="openssl" id="openssl" value="<%= htmlWebpackPlugin.options.configs.openssl.latestVersion %>">
</div>
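Review bot: `aria-described="version"` and `aria-described="openssl"` on the two rewritten `<input>` lines are not ARIA attributes; the real attribute is `aria-describedby`, and it takes the id of the element that describes the input, not the input's own id, so as written it does nothing. Since both inputs already carry an `aria-label`, the simplest fix is to drop the attribute: `<input type="text" class="form-control" aria-label="Server Version" id="version" value="<%= htmlWebpackPlugin.options.configs.nginx.latestVersion %>">`. Not security-relevant, but it is a defect on lines this commit touches.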
<h5 class="mt-3">Miscellaneous</h5>
diff --git a/src/templates/partials/apache.hbs b/src/templates/partials/apache.hbs
index ba2faa5..df77256 100644
--- a/src/templates/partials/apache.hbs
+++ b/src/templates/partials/apache.hbs
@@ -1,5 +1,7 @@
-# generated {{output.date}}, {{{output.link}}}
-# requires mod_ssl{{#if form.hsts}}{{#if form.ocsp}}, mod_socache_shmcb{{/if}}, mod_rewrite, and mod_headers{{else if form.ocsp}} and mod_socache_shmcb{{/if}}
+# {{output.header}}
+# {{{output.link}}}
+
+# this configuration requires mod_ssl{{#if form.hsts}}{{#if form.ocsp}}, mod_socache_shmcb{{/if}}, mod_rewrite, and mod_headers{{else if form.ocsp}} and mod_socache_shmcb{{/if}}
{{#if form.hsts}}
<VirtualHost *:80>
RewriteEngine On
diff --git a/src/templates/partials/caddy.hbs b/src/templates/partials/caddy.hbs
index 05a6bf8..ed3c5d0 100644
--- a/src/templates/partials/caddy.hbs
+++ b/src/templates/partials/caddy.hbs
@@ -1,4 +1,5 @@
-# generated {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
{{#unless (includes "old" form.config)}}
# note that Caddy automatically configures safe TLS settings
{{/unless}}
diff --git a/src/templates/partials/dovecot.hbs b/src/templates/partials/dovecot.hbs
index 2c610ea..a0f4eb1 100644
--- a/src/templates/partials/dovecot.hbs
+++ b/src/templates/partials/dovecot.hbs
@@ -1,4 +1,5 @@
-# {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
ssl = required
ssl_cert = </path/to/signed_cert_plus_intermediates
diff --git a/src/templates/partials/exim.hbs b/src/templates/partials/exim.hbs
index db7141a..a9e22c7 100644
--- a/src/templates/partials/exim.hbs
+++ b/src/templates/partials/exim.hbs
@@ -1,4 +1,5 @@
-# {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
tls_advertise_hosts = *
tls_certificate = /path/to/signed_cert_plus_intermediates
tls_privatekey = /path/to/private_key
diff --git a/src/templates/partials/golang.hbs b/src/templates/partials/golang.hbs
index 4afc275..6613206 100644
--- a/src/templates/partials/golang.hbs
+++ b/src/templates/partials/golang.hbs
@@ -1,4 +1,5 @@
-// generated {{output.date}}, {{{output.link}}}
+// {{output.header}}
+// {{{output.link}}}
package main
import (
diff --git a/src/templates/partials/haproxy.hbs b/src/templates/partials/haproxy.hbs
index 74928cc..2a325ee 100644
--- a/src/templates/partials/haproxy.hbs
+++ b/src/templates/partials/haproxy.hbs
@@ -1,4 +1,5 @@
-# generated {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
{{!Only version 1.5.0 and newer support TLS}}
{{#if (minver "1.5.0" form.serverVersion)}}
global
diff --git a/src/templates/partials/lighttpd.hbs b/src/templates/partials/lighttpd.hbs
index fc16c6e..204696f 100644
--- a/src/templates/partials/lighttpd.hbs
+++ b/src/templates/partials/lighttpd.hbs
@@ -1,4 +1,5 @@
-# generated {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
{{#if form.hsts}}
$SERVER["socket"] == ":80" {
$HTTP["host"] =~ ".*" {
diff --git a/src/templates/partials/mysql.hbs b/src/templates/partials/mysql.hbs
index 9c66de3..0d43e66 100644
--- a/src/templates/partials/mysql.hbs
+++ b/src/templates/partials/mysql.hbs
@@ -1,4 +1,5 @@
-# {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
[mysqld]
require_secure_transport = on
ssl-cert = /path/to/signed_cert_plus_intermediates.pem
diff --git a/src/templates/partials/nginx.hbs b/src/templates/partials/nginx.hbs
index 8e9ccfd..c7f84f0 100644
--- a/src/templates/partials/nginx.hbs
+++ b/src/templates/partials/nginx.hbs
@@ -1,4 +1,5 @@
-# generated {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
{{#if form.hsts}}
server {
listen 80 default_server;
diff --git a/src/templates/partials/oraclehttp.hbs b/src/templates/partials/oraclehttp.hbs
index 87f72ee..e3420aa 100644
--- a/src/templates/partials/oraclehttp.hbs
+++ b/src/templates/partials/oraclehttp.hbs
@@ -1,4 +1,5 @@
-# {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
{{#if form.hsts}}
<VirtualHost *:80>
RewriteEngine On
@@ -16,7 +17,7 @@
{{/if}}
</VirtualHost>
-# {{form.config}} configuration, tweak to your needs
+# {{form.config}} configuration
SSLProtocol All {{#unless (includes "TLSv1" output.protocols)}}-TLSv1{{/unless}}{{#unless (includes "TLSv1.1" output.protocols)}} -TLSv1.1{{/unless}}
SSLCipherSuite {{{join output.ciphers ":"}}}
SSLHonorCipherOrder on
diff --git a/src/templates/partials/postfix.hbs b/src/templates/partials/postfix.hbs
index ea79791..bbd1c86 100644
--- a/src/templates/partials/postfix.hbs
+++ b/src/templates/partials/postfix.hbs
@@ -1,4 +1,5 @@
-# {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
smtpd_use_tls = yes
smtpd_tls_security_level = may
diff --git a/src/templates/partials/postgresql.hbs b/src/templates/partials/postgresql.hbs
index f22ab4c..aedb718 100644
--- a/src/templates/partials/postgresql.hbs
+++ b/src/templates/partials/postgresql.hbs
@@ -1,4 +1,5 @@
-# {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
ssl = on
ssl_cert_file = '/path/to/signed_cert_plus_intermediates'
diff --git a/src/templates/partials/proftpd.hbs b/src/templates/partials/proftpd.hbs
index d71f32c..91d10e1 100644
--- a/src/templates/partials/proftpd.hbs
+++ b/src/templates/partials/proftpd.hbs
@@ -1,4 +1,5 @@
-# generated {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
TLSEngine on
TLSRequired on
diff --git a/src/templates/partials/tomcat.hbs b/src/templates/partials/tomcat.hbs
index 4ce4558..18f65ce 100644
--- a/src/templates/partials/tomcat.hbs
+++ b/src/templates/partials/tomcat.hbs
@@ -1,4 +1,5 @@
-# generated {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
{{#if form.hsts}}
<Connector
port="80"
diff --git a/src/templates/partials/traefik.hbs b/src/templates/partials/traefik.hbs
index a3ea025..e993550 100644
--- a/src/templates/partials/traefik.hbs
+++ b/src/templates/partials/traefik.hbs
@@ -1,4 +1,5 @@
-# generated {{output.date}}, {{{output.link}}}
+# {{output.header}}
+# {{{output.link}}}
{{#if (minver "2.0.0" form.serverVersion)}}
{{! traefik 2.0 has a very different configuration style }}
[http.routers]