Mozilla TLS configuration generator

When you're new to web hosting, finding decent TLS settings is not trivial. Retrospectively a lot of time I've put into this feels wasted, because finding optimal TLS settings basically is a never ending scientific effort. IMHO web-servers should be pre-configured for getting you decent TLS scores, but they're not.

The next best thing to getting a sane default configuration is using a well-maintained configuration generator. Luckily Mozilla is publishing one:


It's a super useful tool, because crafting good TLS configurations requires a lot of expertise. While this saved me quite some time and headaches, it's probably still a good idea to test those generated TLS configs against SSL Test, Mozilla Observatory, etc. Double-checking is important when doing security relevant stuff.

written by uniq on 2019-09-25