{"id":13397577,"url":"https://github.com/mozilla/ssl-config-generator","last_synced_at":"2026-05-03T06:18:09.828Z","repository":{"id":38219062,"uuid":"187086022","full_name":"mozilla/ssl-config-generator","owner":"mozilla","description":"Mozilla SSL Configuration Generator","archived":false,"fork":false,"pushed_at":"2026-04-29T07:09:32.000Z","size":2693,"stargazers_count":432,"open_issues_count":3,"forks_count":70,"subscribers_count":30,"default_branch":"master","last_synced_at":"2026-04-29T08:33:05.419Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://ssl-config.mozilla.org/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mozilla.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-05-16T19:04:22.000Z","updated_at":"2026-04-29T07:09:33.000Z","dependencies_parsed_at":"2024-04-18T11:32:35.793Z","dependency_job_id":"ea08330a-ff0f-4374-99d4-7e4b31faf62f","html_url":"https://github.com/mozilla/ssl-config-generator","commit_stats":{"total_commits":414,"total_committers":28,"mean_commits":"14.785714285714286","dds":0.3599033816425121,"last_synced_commit":"66667fa52ae1990ab289c9fe49b53fa5b3cf1422"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/mozilla/ssl-config-generator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla%2Fssl-config-generator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla%2Fssl-config-generator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla%2Fssl-config-generator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla%2Fssl-config-generator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mozilla","download_url":"https://codeload.github.com/mozilla/ssl-config-generator/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mozilla%2Fssl-config-generator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32559763,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T03:21:47.309Z","status":"ssl_error","status_checked_at":"2026-05-03T03:21:43.884Z","response_time":103,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T18:01:32.356Z","updated_at":"2026-05-03T06:18:09.821Z","avatar_url":"https://github.com/mozilla.png","language":"JavaScript","funding_links":[],"categories":["HTML","JavaScript","Others"],"sub_categories":[],"readme":"# Mozilla SSL Configuration Generator\n\nThe Mozilla SSL Configuration Generator is a tool which builds configuration files to help you follow the Mozilla [Server Side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS) configuration guidelines.\n\nThis tool is built and deployed to https://ssl-config.mozilla.org/\n\nTo be notified when the Mozilla [Server Side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS) configuration guidelines are updated (infrequent), use github notifications to subscribe to Releases on this repository (mozilla/ssl-config-generator).\n\nTo modify and build this tool locally, please see Installation and Development sections below.\n\n## JSON guidelines\n\nEach revision of the Mozilla Server Side TLS guidelines is published in a machine-readable format from this repository as a [JSON specification](/src/static/guidelines/) that can be found at [`/src/static/guidelines/`](/src/static/guidelines/) 📟\n\n## Changelog\n\nThe [Changelog](/src/static/guidelines/CHANGELOG.md) that tracks the history of changes to Mozilla's configuration guidelines is available along the versioned JSON guideline files at [`/src/static/guidelines/CHANGELOG.md`](/src/static/guidelines/CHANGELOG.md) 🔬\n\n## Contributing\n\nThe project is written in JavaScript, and uses Webpack for development and production builds.\n\nWe keep a list of things that would make a great contribution tagged with [*help wanted*](https://github.com/mozilla/ssl-config-generator/labels/help%20wanted), [*good first issue*](https://github.com/mozilla/ssl-config-generator/labels/good%20first%20issue), and [*new software support*](https://github.com/mozilla/ssl-config-generator/labels/new%20software%20support) labels.\n\nIf you'd like to see your favorite tool added or compatibility expanded, we're always happy to mentor a PR or receive a bug report to make the configs better for everyone.\n\nEven when you don't feel comfortable contributing actual templates, posting some nice verified configs or compatibility hints is equally welcome! 💝\n\nGet involved by sharing your ideas or joining the conversation in the [Discussions](https://github.com/mozilla/ssl-config-generator/discussions) tab. 🗨️\n\nThis repository is governed by Mozilla's [Community Participation Guidelines](/CODE_OF_CONDUCT.md)\nso please make yourself familiar with it to get the idea of what level of developer etiquette and standards are expected across Mozilla projects.\n\n## Installation\n\nNodeJS and npm are required to install and run the project locally:\nNode v22 is recommended and we use that in production, but the codebase may be compatible with other versions too.\n\n```bash\n$ npm install\n```\n\n## Development\n\nOnce you've installed, you can simply run:\n\n```bash\n$ npm start   # or: npm run watch\n```\n\nThis starts a local webserver that will automatically reload your changes.\n\nAlternatively, you can use [Docker](https://www.docker.com/) to run the local webserver to avoid\ncluttering your local environment with npm dependencies. You first need to build the docker:\n\n```bash\ndocker build -t moz-ssl-config-gen:latest .\n```\n\nYou can then run the webserver:\n\n```bash\ndocker run -p 3001:3001 -p 5500:5500 moz-ssl-config-gen:latest\n```\n\n## Adding new software\n\nThere are two places that need to be updated in order to add support for a new piece of software:\n\n* `src/js/configs.js`, which sets the supported features for your software, and\n* `src/js/helpers/your-software.js`, javascript module which outputs your software's configuration\n\n### Creating templates\n\nAll of the templates are written in javascript.  The configuration generator supports the following additional helpers:\n\n- `minpatchver(minimum_ver, cur_ver)` - `true` if `cur_ver` is greater than or equal to `minimum_ver`, AND both versions are the same major/minor version, e.g. `2.4`\n  - `minpatchver(\"2.4.3\", form.serverVersion)`\n- `minver(minimum_ver, cur_ver)` - `true` if `cur_ver` is greater than or equal to `minimum_ver`\n  - `minver(\"1.9.5\", form.serverVersion)`\n\n### Template variables\n\nHighlighted items from src/js/state.js for use in templates.  See src/js/state.js for more.\n\n- `form.serverName` - display name of the server\n- `form.serverVersion` - requested server version\n- `form.opensslVersion` - requested OpenSSL version\n- `form.config` - configuration name ([ \"modern\" | \"intermediate\" | \"old\" ])\n- `form.hsts` - HTTP Strict Transport Security form checkbox (boolean true/false)\n- `form.ocsp` - OCSP Stapling form checkbox (boolean true/false)\n- `output.header` - description of rendered config\n- `output.link` - URL to rendered config\n- `output.protocols` - protocol list (e.g. zero or more of: \"TLSv1\" \"TLSv1.1\" \"TLSv1.2\" \"TLSv1.3\")\n- `output.ciphers` - TLSv1.2 (and older) cipher list\n- `output.cipherSuites` - TLSv1.3+ cipher suites list\n- `output.serverPreferredOrder` - enforce ServerPreference for ordering cipher list (boolean true/false)\n- `output.hstsMaxAge` - max-age (seconds) for Strict-Transport-Security: max-age=... HTTP response header\n- `output.hstsRedirectCode` - HTTP status code to use for HSTS redirect from http:// to https://\n- `output.latestVersion` - server latest version\n- `output.usesOpenssl` - server uses openssl (boolean true/false)\n- `output.usesDhe` - server might use (\u003c= TLSv1.2 kDHE) Diffie-Hellmann key exchange (boolean true/false)\n- `output.dhCommand` - command to generate Diffie-Hellman (DH) parameters\n- `output.hasVersions` - config supports several server versions (boolean true/false)\n- `output.supportsHsts` - supports HTTP Strict Transport Security (HSTS) (boolean true/false)\n- `output.supportsOcspStapling` - server version supporting OCSP Stapling in config\n- `output.tls13` - server version supporting TLSv1.3\n- `output.tlsCurves` - groups/curves list\n\n### Requested but not yet added new software support\n\nOver time support for various software has been requested and discussed. This is a list of those requests. Check out the linked tickets to see the background and then feel free to submit a pull request for the tool to support that piece of software\n\n* [Micorsoft Internet Information Services (IIS)](https://github.com/mozilla/ssl-config-generator/issues/54)\n* [Envoy Proxy](https://github.com/mozilla/ssl-config-generator/issues/29)\n* [Wildfly](https://github.com/mozilla/ssl-config-generator/issues/172)\n* [Kestrel/ASP.NET Core](https://github.com/mozilla/ssl-config-generator/issues/147)\n* [OpenLDAP](https://github.com/mozilla/ssl-config-generator/issues/118)\n* [GnuTLS](https://github.com/mozilla/ssl-config-generator/issues/321)\n* [Exim](https://github.com/mozilla/ssl-config-generator/issues/115)\n* [H2O](https://github.com/mozilla/ssl-config-generator/issues/329)\n* [Kubelet](https://github.com/mozilla/ssl-config-generator/pull/197)\n\nActive issues related to new software can be found in the issue list using the [`new software support` label](https://github.com/mozilla/ssl-config-generator/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22new%20software%20support%22).\n\n## Building\n\nProduction builds have different CSP headers, included scripts, and version info added to the output, so to verify that locally you can inspect the exact production-level artifacts as used in deployment after running:\n\n\n```bash\n$ npm run build\n```\n\nHowever, this step is not necessary for production deployment.\nAutomation publishes the production site via GitHub Pages, so once your PR merges the changes deploy within a minute or two.\nGitHub Pages are published upon commit to the master branch\nvia .github/workflows/deploy-to-production.yml\n\n## History\n\nThe SSL Config Generator was originally part of [`mozilla/server-side-tls@v5.0`](https://github.com/mozilla/server-side-tls/tree/12fda41) ([last-revision-before-move](https://github.com/mozilla/server-side-tls/tree/last-revision-before-move))\nprior to mid-2019 at which point it was moved to this dedicated repository. It\nwas initially created [at the end of 2014](https://github.com/mozilla/server-side-tls/commit/b201a11)\nand [started out supporting Apache HTTP, Nginx and HAProxy](https://web.archive.org/web/20141026012016/https://mozilla.github.io/server-side-tls/ssl-config-generator/).\n\n## Authors\n\n* [April King](https://github.com/april)\n* [Gene Wood](https://github.com/gene1wood)\n* [Julien Vehent](https://github.com/jvehent)\n\n## License\n\nThis software is licensed under the [MPL version 2.0](https://www.mozilla.org/MPL/). For more\ninformation, read this repository's [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmozilla%2Fssl-config-generator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmozilla%2Fssl-config-generator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmozilla%2Fssl-config-generator/lists"}