[go: up one dir, main page]
Skip to content
/ sslconfig Public
forked from cloudflare/sslconfig

CloudFlare's Internet facing SSL cipher configuration

License

BSD-3-Clause license
0 stars 132 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

robguima/sslconfig

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
patches
patches
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
conf
conf
 
 

Repository files navigation

sslconfig

CloudFlare's Internet facing SSL cipher configuration

This repository tracks the history of the SSL cipher configuration used for CloudFlare's public-facing SSL web servers. The repository tracks an internal CloudFlare repository, but dates may not exactly match when changes are made.

There is a single file called conf which contains the configuration used in CloudFlare's NGINX servers. This is only a fragment of the configuration.

We currently use OpenSSL 1.0.2-stable (+ patches).

RC4 patch

CloudFlare uses a patch that disables use of RC4 in TLS v1.1+. Without this patch, effective cipher list for TLS v1.1+ will be different than the one we use in production.

ChaCha20/Poly1305 patch

CloudFlare uses a patch for OpenSSL that enables the ChaCha20/Poly1305 cipher suites and implements special logic to ensure it is only taken if it is the client's top cipher choice. Without this patch, the cipher suite choice in the configuration will not work correctly.

About

CloudFlare's Internet facing SSL cipher configuration

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published