Author here, please let me know any comments, issues or anything else.<p>I'm also behind other projects like an SSL (site) test, a fast one: <a href="https://ssldecoder.org/" rel="nofollow">https://ssldecoder.org/</a> and a certificate monitoring service (reminds you before expiring): <a href="https://certificatemonitor.org/" rel="nofollow">https://certificatemonitor.org/</a>.<p>Also my personal site describing my adventures in *NIX and cloudland: <a href="https://raymii.org/s/" rel="nofollow">https://raymii.org/s/</a>, plus a boatload of TLS related articles.<p>The mozilla guide is also very good, the ability to configure based on your server settings and browser support is a heck of a nice feature. Whenever I have time to learn javascript that's the first thing to implement.<p>Although, all my projects are open source (<a href="https://github.com/RaymiiOrg/" rel="nofollow">https://github.com/RaymiiOrg/</a>) so merge requests are welcome. Ferm GPL believer here.
Here's a configurable version by Mozilla: <a href="https://mozilla.github.io/server-side-tls/ssl-config-generator/" rel="nofollow">https://mozilla.github.io/server-side-tls/ssl-config-generat...</a>
I know it may not be too interesting or relevant but it would be nice to have similar configurations for common/popular enterprise tools/platforms such as F5, Cisco, Juniper etc.<p>I see so many badly configured systems as part of the day job that it certainly would be great to help start socializing good configs.<p>PS. even for something like Tomcat (which changes features on minor versions?!?), it's hard to find good configs. I have a whole bunch of notes on things like this and happy to share if someone wants to codify it.
Posted at least 4 times. Guys please keep it clean. <a href="https://news.ycombinator.com/from?site=cipherli.st" rel="nofollow">https://news.ycombinator.com/from?site=cipherli.st</a>