Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cloudflare/sslconfig
Cloudflare's Internet facing SSL configuration
https://github.com/cloudflare/sslconfig
Last synced: about 2 months ago
JSON representation
Cloudflare's Internet facing SSL configuration
- Host: GitHub
- URL: https://github.com/cloudflare/sslconfig
- Owner: cloudflare
- License: bsd-3-clause
- Created: 2014-05-03T19:48:10.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2023-07-14T07:15:21.000Z (about 1 year ago)
- Last Synced: 2024-04-27T08:34:21.734Z (5 months ago)
- Homepage:
- Size: 256 KB
- Stars: 1,294
- Watchers: 153
- Forks: 132
- Open Issues: 27
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-github-repos - cloudflare/sslconfig - Cloudflare's Internet facing SSL configuration (Others)
- awesome-hacking-lists - cloudflare/sslconfig - Cloudflare's Internet facing SSL configuration (Others)
- jimsghstars - cloudflare/sslconfig - Cloudflare's Internet facing SSL configuration (Others)
README
sslconfig
=========
Cloudflare's Internet facing SSL cipher configuration
This repository tracks the history of the SSL cipher configuration used for
Cloudflare's public-facing SSL web servers. The repository tracks an internal
Cloudflare repository, but dates may not exactly match when changes are made.
There is a single file called conf which contains the configuration used in
Cloudflare's NGINX servers. This is only a fragment of the configuration.
ChaCha20/Poly1305 patch
-----------------------
Cloudflare uses [a patch](patches/openssl__chacha20_poly1305_cf.patch) for
OpenSSL that enables the ChaCha20/Poly1305 cipher suites and implements
special logic to ensure it is only taken if it is the client's top cipher
choice. Without this patch, the cipher suite choice in the configuration
will not work correctly.