Utility helps avoid technical headaches
Mozilla has released a revamped version of its SSL Configuration Generator tool.
The free utility offers configuration scripts for a variety of popular web servers, including Apache and Nginx.
The tool, which can be tuned either for systems that support TLS 1.3 and don't need backward compatibility or for general-purpose servers with a variety of clients, also covers AWS Elastic Load Balancer and MySQL.
Other options include configs to set systems up with HTTP Strict Transport Security and Online Certificate Status Protocol (OCSP) Stapling.
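To make those options concrete, the following added example (not Mozilla's code and not output from its generator) audits an Nginx config for the settings named above: TLS 1.3-only versus mixed protocol support, HSTS, and OCSP stapling. The sample config, the function names and the `max-age` value are constructed for illustration.

```python
import re

# Constructed sample Nginx server block (not copied from Mozilla's generator).
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_certificate /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    ssl_protocols TLSv1.2 TLSv1.3;   # general-purpose profile
    add_header Strict-Transport-Security "max-age=63072000" always;
    ssl_stapling on;
    ssl_stapling_verify on;
}
"""

# Protocol names Nginx accepts that predate TLS 1.2.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def directives(conf):
    """Return {name: [argument strings]} for each 'name args;' directive.

    Simplification: '#' always starts a comment, so a '#' inside a quoted
    value is not handled.
    """
    conf = re.sub(r"#[^\n]*", "", conf)
    found = {}
    for name, args in re.findall(r"^\s*([a-z_]+)\s+([^;{}]+);", conf, re.M):
        found.setdefault(name, []).append(args.strip())
    return found

def audit(conf):
    """Report which of the hardening options are explicitly set in conf."""
    d = directives(conf)
    protocols = set(" ".join(d.get("ssl_protocols", [])).split())
    hsts = [a for a in d.get("add_header", [])
            if a.lower().startswith("strict-transport-security")]
    max_age = re.search(r"max-age=(\d+)", hsts[0]) if hsts else None
    return {
        "tls13_only": protocols == {"TLSv1.3"},
        "legacy_protocols": sorted(protocols & LEGACY),
        "hsts_max_age": int(max_age.group(1)) if max_age else None,
        "ocsp_stapling": "on" in d.get("ssl_stapling", []),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

The audit only sees directives written in the text it is given; values inherited from Nginx defaults or included files are not resolved.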
“Configuring TLS is perhaps the most complicated and error-prone of all IT tasks, and this tries to make it as easy as possible,” said April King, head of website security at Mozilla, explaining on Twitter the rationale for developing the utility.
The otherwise comprehensive list of configs omits Microsoft’s widely-used IIS web server.
“IIS is also a little tricky in that it doesn't (generally) have simply separate text files for configuration,” King said. “Still, I'd be happy to add it if somebody submitted a pull request for it.”
Scott Helme’s latest sitrep of the security status of the net’s top 1 million websites offers broader context on the sort of problems Mozilla’s SSL Configuration Generator tool might help address.
Nginx (33%), Apache (29%) and Microsoft IIS (19%) are the three most commonly deployed web server software packages, according to the latest June 2019 stats from Netcraft.