{"id":29376518,"url":"https://github.com/twitter/sslconfig","last_synced_at":"2026-02-05T10:33:55.370Z","repository":{"id":28229017,"uuid":"31733579","full_name":"twitter/sslconfig","owner":"twitter","description":"Twitter's OpenSSL Configuration","archived":false,"fork":false,"pushed_at":"2021-10-08T21:04:29.000Z","size":17,"stargazers_count":44,"open_issues_count":0,"forks_count":27,"subscribers_count":104,"default_branch":"master","last_synced_at":"2025-07-10T00:45:07.274Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/twitter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-03-05T20:04:34.000Z","updated_at":"2025-06-01T15:53:17.000Z","dependencies_parsed_at":"2022-09-04T17:00:42.800Z","dependency_job_id":null,"html_url":"https://github.com/twitter/sslconfig","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/twitter/sslconfig","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/twitter%2Fsslconfig","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/twitter%2Fsslconfig/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/twitter%2Fsslconfig/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/twitter%2Fsslconfig/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/twitter","download_url":"https://codeload.github.com/twitter/sslconfig/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/twitter%2Fsslconfig/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29119232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T09:40:36.738Z","status":"ssl_error","status_checked_at":"2026-02-05T09:36:49.977Z","response_time":65,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-09T22:43:21.602Z","updated_at":"2026-02-05T10:33:55.350Z","avatar_url":"https://github.com/twitter.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"sslconfig\n=========\n\nTwitter's OpenSSL configuration. The goal of this project is to share our work with upstream and any other interested parties. We intend to open source any future work we do that improves the security of Twitter and the internet as a whole.\n\nAt the time of this writing, Twitter currently uses OpenSSL 1.0.2a (+ patches).\n\nTwitter enables the following ciphers (using the server's preference):\n\n```\nECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA\n```\n\n## Session Ticket Patch\n\nTwitter uses a [patch](patches/openssl_session_ticket.patch) for OpenSSL that\nenables session ticket key rotation via a new API call, SSL_CTX_set_tlsext_ticket_key_list.\n\n## Advertised Ciphers Callback Patch\n\nTwitter uses a [patch](patches/openssl_set_advertised_ciphers_cb.patch) for OpenSSL that\nregisters a callback to introspect the client's advertised ciphers.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftwitter%2Fsslconfig","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftwitter%2Fsslconfig","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftwitter%2Fsslconfig/lists"}