
Cipherli.st – Strong Ciphers for Apache, Nginx and Lighttpd - josephscott
https://cipherli.st/
======
mdewinter
Author here, please let me know any comments, issues or anything else.

I'm also behind other projects like an SSL (site) test, a fast one:
[https://ssldecoder.org/](https://ssldecoder.org/) and a certificate
monitoring service (reminds you before expiring):
[https://certificatemonitor.org/](https://certificatemonitor.org/).

Also my personal site describing my adventures in *NIX and cloudland:
[https://raymii.org/s/](https://raymii.org/s/), plus a boatload of TLS related
articles.

The mozilla guide is also very good, the ability to configure based on your
server settings and browser support is a heck of a nice feature. Whenever I
have time to learn javascript that's the first thing to implement.

Although, all my projects are open source
([https://github.com/RaymiiOrg/](https://github.com/RaymiiOrg/)) so merge
requests are welcome. Ferm GPL believer here.

~~~
vtlynch
How often are the recommendations on cipherli.st updated?

~~~
mdewinter
Not very often, mostly when someone sends a merge request with a new piece of
software (like varnish).

------
koolba
Here's a configurable version by Mozilla: [https://mozilla.github.io/server-
side-tls/ssl-config-generat...](https://mozilla.github.io/server-side-tls/ssl-
config-generator/)

~~~
vsviridov
I like this one better, can pick versions and backwards compatibility level.

------
meritt
Why is there a giant heart-shaped lock obscuring most of the screen?

~~~
vbezhenar
It's very distracting and makes website hard to read.

~~~
asamarin
Agreed. After a few mins of reading, it became annoying enough that I felt an
urge to remove it via dev-tools.

Nice content, nonetheless.

------
newman314
I know it may not be too interesting or relevant but it would be nice to have
similar configurations for common/popular enterprise tools/platforms such as
F5, Cisco, Juniper etc.

I see so many badly configured systems as part of the day job that it
certainly would be great to help start socializing good configs.

PS. even for something like Tomcat (which changes features on minor
versions?!?), it's hard to find good configs. I have a whole bunch of notes on
things like this and happy to share if someone wants to codify it.

~~~
mdewinter
If you have the config or required format for config I'd be happy to add it.
Create an issue with the config,, I can do the code then

------
WhatsName
See also: [https://bettercrypto.org](https://bettercrypto.org)

------
snassar
The SSL config for dovecot on Debian Jessie (2.2.13-12~deb8u1) stops
Thunderbird 45 from connecting.

(I did open an issue about this.)

------
Eun
Posted at least 4 times. Guys please keep it clean.
[https://news.ycombinator.com/from?site=cipherli.st](https://news.ycombinator.com/from?site=cipherli.st)

~~~
tptacek
Reposts are fine, especially when they haven't gotten much attention before.

