SSL Config
A node.js implementation of the recommended cipher suites and TLS/SSL versions from Mozilla's Server Side TLS project.

The suite list uses the cipher suite prioritization logic from Mozilla. Since Firefox and Chrome don't support AES-GCM with 256 bit keys, a 128 bit AES key is considered superior.

Note: this package only sets cipher suites and TLS/SSL versions. Other parts of the recommendations are implemented elsewhere; for example, for HSTS on Express servers we recommend using Helmet.
Usage
Just use either 'modern', 'intermediate' or 'old'.

modern
Requires IE 11, Firefox 27, Chrome 22, Safari 7, Android 4.4, Opera 14, Java 8 or newer.

intermediate
Requires IE 7, Firefox 1, Chrome 1, Safari 1, Windows XP IE8, Android 2.3, Opera 5, Java 7 or newer.

old
Requires Windows XP IE6, Java 6 and newer. You really shouldn't use this setting; it is implemented for compatibility with Mozilla's tools.
For example:

```javascript
var sslConfig = require('ssl-config')('modern');
```

Then run https.createServer per the node.js TLS and io.js TLS docs.
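```javascript
var https = require('https');

// privateKey, certificate and certificateAuthority are PEM data loaded elsewhere
https.createServer({
  key: privateKey,
  cert: certificate,
  ca: certificateAuthority,
  ciphers: sslConfig.ciphers,
  honorCipherOrder: true, // use the server's cipher order, not the client's
  secureOptions: sslConfig.minimumTLSVersion
});
```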
Or for express.js:

```javascript
// app is the Express application
var server = https.createServer({
  key: privateKey,
  cert: certificate,
  ca: certificateAuthority,
  ciphers: sslConfig.ciphers,
  honorCipherOrder: true,
  secureOptions: sslConfig.minimumTLSVersion
}, app);
```
Or for Hapi:

```javascript
var server = new Hapi.Server();
server.connection({
  // other config options here
  tls: {
    key: privateKey,
    cert: certificate,
    ca: certificateAuthority,
    ciphers: sslConfig.ciphers,
    honorCipherOrder: true,
    secureOptions: sslConfig.minimumTLSVersion
  },
  routes: {
    security: true // turns on HSTS and other security headers
  }
});
```
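Before deploying, it helps to check what the two values passed as `ciphers` and `secureOptions` above actually do on the local Node build. The following is an added example, not code from this package: `auditTlsConfig` and the `sample` object are hypothetical, and it assumes `ciphers` is an OpenSSL-format cipher string and `minimumTLSVersion` is a bitmask of `SSL_OP_NO_*` flags, as their use in the server options implies.

```javascript
'use strict';
const tls = require('tls');
const { constants } = require('crypto');

// secureOptions flags that switch a protocol version off.
const PROTOCOL_FLAGS = {
  SSLv3: constants.SSL_OP_NO_SSLv3,
  TLSv1: constants.SSL_OP_NO_TLSv1,
  'TLSv1.1': constants.SSL_OP_NO_TLSv1_1,
  'TLSv1.2': constants.SSL_OP_NO_TLSv1_2
};
// Name components that mark a suite as weak if it is left enabled.
const WEAK = /(^|-)(RC4|DES|MD5|NULL|EXP|EXPORT)(-|$)/i;

// Audit the two values the README passes to https.createServer.
function auditTlsConfig(ciphers, secureOptions) {
  const entries = ciphers.split(':').filter(Boolean);
  const enabled = entries.filter((e) => !/^[!+-]/.test(e));
  // Heuristic: full suite names contain '-' and no '+'; others are keywords.
  const named = enabled.filter((e) => e.includes('-') && !e.includes('+'));
  const known = new Set(tls.getCiphers()); // lower-case suite names
  const report = {
    disabledProtocols: Object.keys(PROTOCOL_FLAGS)
      .filter((p) => (secureOptions & PROTOCOL_FLAGS[p]) !== 0),
    excluded: entries.filter((e) => e[0] === '!').map((e) => e.slice(1)),
    weakEnabled: enabled.filter((e) => WEAK.test(e)),
    // Named suites this Node/OpenSSL build will silently skip.
    unsupported: named.filter((e) => !known.has(e.toLowerCase())),
    accepted: true,
    error: null
  };
  try {
    // Throws if the runtime rejects the cipher string or options.
    tls.createSecureContext({ ciphers, secureOptions });
  } catch (err) {
    report.accepted = false;
    report.error = err.message;
  }
  return report;
}

// Constructed sample, not the package's real output.
const sample = {
  ciphers: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:' +
    'DES-CBC3-SHA:!aNULL:!MD5',
  minimumTLSVersion: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1
};
console.log(auditTlsConfig(sample.ciphers, sample.minimumTLSVersion));
```

Passing `sslConfig.ciphers` and `sslConfig.minimumTLSVersion` instead of the sample shows which protocol versions the chosen level disables and whether any weak suite remains enabled, which is expected for 'old' but not for 'modern'.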
License
Mozilla Public License 2.0