
change supportsOcspStapling to version-based only
gstrauss committed Dec 6, 2024
1 parent 9a0ee1e commit 5921845
Showing 4 changed files with 5 additions and 23 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -74,7 +74,7 @@ Highlighted items from src/js/state.js for use in templates. See src/js/state.j
- `output.hasVersions` - server config has versions (boolean true/false)
- `output.supportsConfigs` - supports modern, intermediate, old configs (boolean true/false)
- `output.supportsHsts` - supports HTTP Strict Transport Security (HSTS) (boolean true/false)
- `output.supportsOcspStapling` - supports OCSP Stapling (boolean true/false)
- `output.supportsOcspStapling` - server version supporting OCSP Stapling in config
- `output.tls13` - minimum server version supporting TLSv1.3

## Building
18 changes: 1 addition & 17 deletions src/js/configs.js
@@ -1,5 +1,5 @@
// configs for the supported pieces of software
// hasVersions, showSupports, supportsConfigs, supportsHsts, supportsOcspStapling, and usesOpenssl only need to be defined if false
// hasVersions, showSupports, supportsConfigs, supportsHsts, and usesOpenssl only need to be defined if false
// cipherFormat is assumed to be 'openssl' unless defined otherwise


Expand Down Expand Up @@ -31,7 +31,6 @@ module.exports = {
name: 'AWS ELB',
supportedCiphers: ['ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES128-SHA256', 'ECDHE-RSA-AES128-SHA256', 'ECDHE-ECDSA-AES128-SHA', 'ECDHE-RSA-AES128-SHA', 'DHE-RSA-AES128-SHA', 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES256-SHA384', 'ECDHE-RSA-AES256-SHA384', 'ECDHE-RSA-AES256-SHA', 'ECDHE-ECDSA-AES256-SHA', 'AES128-GCM-SHA256', 'AES128-SHA256', 'AES128-SHA', 'AES256-GCM-SHA384', 'AES256-SHA256', 'AES256-SHA', 'DHE-DSS-AES128-SHA', 'CAMELLIA128-SHA', 'EDH-RSA-DES-CBC3-SHA', 'DES-CBC3-SHA', 'ECDHE-RSA-RC4-SHA', 'RC4-SHA', 'ECDHE-ECDSA-RC4-SHA', 'DHE-DSS-AES256-GCM-SHA384', 'DHE-RSA-AES256-GCM-SHA384', 'DHE-RSA-AES256-SHA256', 'DHE-DSS-AES256-SHA256', 'DHE-RSA-AES256-SHA', 'DHE-DSS-AES256-SHA', 'DHE-RSA-CAMELLIA256-SHA', 'DHE-DSS-CAMELLIA256-SHA', 'CAMELLIA256-SHA', 'EDH-DSS-DES-CBC3-SHA', 'DHE-DSS-AES128-GCM-SHA256', 'DHE-RSA-AES128-GCM-SHA256', 'DHE-RSA-AES128-SHA256', 'DHE-DSS-AES128-SHA256', 'DHE-RSA-CAMELLIA128-SHA', 'DHE-DSS-CAMELLIA128-SHA', 'ADH-AES128-GCM-SHA256', 'ADH-AES128-SHA', 'ADH-AES128-SHA256', 'ADH-AES256-GCM-SHA384', 'ADH-AES256-SHA', 'ADH-AES256-SHA256', 'ADH-CAMELLIA128-SHA', 'ADH-CAMELLIA256-SHA', 'ADH-DES-CBC3-SHA', 'ADH-DES-CBC-SHA', 'ADH-RC4-MD5', 'ADH-SEED-SHA', 'DES-CBC-SHA', 'DHE-DSS-SEED-SHA', 'DHE-RSA-SEED-SHA', 'EDH-DSS-DES-CBC-SHA', 'EDH-RSA-DES-CBC-SHA', 'IDEA-CBC-SHA', 'RC4-MD5', 'SEED-SHA', 'DES-CBC3-MD5', 'DES-CBC-MD5', 'RC2-CBC-MD5', 'PSK-AES256-CBC-SHA', 'PSK-3DES-EDE-CBC-SHA', 'KRB5-DES-CBC3-SHA', 'KRB5-DES-CBC3-MD5', 'PSK-AES128-CBC-SHA', 'PSK-RC4-SHA', 'KRB5-RC4-SHA', 'KRB5-RC4-MD5', 'KRB5-DES-CBC-SHA', 'KRB5-DES-CBC-MD5', 'EXP-EDH-RSA-DES-CBC-SHA', 'EXP-EDH-DSS-DES-CBC-SHA', 'EXP-ADH-DES-CBC-SHA', 'EXP-DES-CBC-SHA', 'EXP-RC2-CBC-MD5', 'EXP-KRB5-RC2-CBC-SHA', 'EXP-KRB5-DES-CBC-SHA', 'EXP-KRB5-RC2-CBC-MD5', 'EXP-KRB5-DES-CBC-MD5', 'EXP-ADH-RC4-MD5', 'EXP-RC4-MD5', 'EXP-KRB5-RC4-SHA', 'EXP-KRB5-RC4-MD5'],
supportsHsts: false,
supportsOcspStapling: false,
usesOpenssl: false,
},
caddy: {
Expand All @@ -40,7 +39,6 @@ module.exports = {
latestVersion: '2.8.4',
eolBefore: '2.0.0',
name: 'Caddy',
supportsOcspStapling: false, // actually true; can't be disabled in Caddy
tls13: '0.11.5',
usesOpenssl: false,
},
Expand All @@ -50,7 +48,6 @@ module.exports = {
name: 'Coturn',
showSupports: false,
supportsHsts: false,
supportsOcspStapling: false,
tls13: '4.6.2',
},
dovecot: {
Expand All @@ -60,7 +57,6 @@ module.exports = {
name: 'Dovecot',
showSupports: false,
supportsHsts: false,
supportsOcspStapling: false,
tls13: '2.3.15',
},
exim: {
Expand All @@ -70,7 +66,6 @@ module.exports = {
name: 'Exim',
showSupports: false,
supportsHsts: false,
supportsOcspStapling: false,
tls13: '4.92.0',
},
go: {
Expand All @@ -79,7 +74,6 @@ module.exports = {
latestVersion: '1.23.3',
eolBefore: '1.22.0',
name: 'Go',
supportsOcspStapling: false,
tls13: '1.13.0',
usesOpenssl: false,
},
Expand All @@ -97,7 +91,6 @@ module.exports = {
eolBefore: '12.0.0',
name: 'Jetty',
supportsHsts: false,
supportsOcspStapling: false,
tls13: '9.4.12',
usesOpenssl: false,
},
Expand All @@ -116,7 +109,6 @@ module.exports = {
name: 'MySQL',
showSupports: false,
supportsHsts: false,
supportsOcspStapling: false,
tls13: '8.0.16',
},
nginx: {
Expand All @@ -138,7 +130,6 @@ module.exports = {
highlighter: 'apache',
latestVersion: '12.2.1',
name: 'Oracle HTTP',
supportsOcspStapling: false,
usesOpenssl: false,
},
postfix: {
Expand All @@ -148,7 +139,6 @@ module.exports = {
name: 'Postfix',
showSupports: false,
supportsHsts: false,
supportsOcspStapling: false,
tls13: '3.3.2',
},
postgresql: {
Expand All @@ -158,7 +148,6 @@ module.exports = {
name: 'PostgreSQL',
showSupports: false,
supportsHsts: false,
supportsOcspStapling: false,
tls13: '12.0',
},
proftpd: {
Expand All @@ -178,7 +167,6 @@ module.exports = {
name: 'Redis',
showSupports: false,
supportsHsts: false,
supportsOcspStapling: false,
tls13: '6.0',
},
squid: {
Expand All @@ -188,23 +176,20 @@ module.exports = {
name: 'Squid',
showSupports: false,
supportsHsts: false,
supportsOcspStapling: false,
tls13: '4',
},
stunnel: {
highlighter: 'ini',
latestVersion: '5.73',
name: 'stunnel',
supportsHsts: false,
supportsOcspStapling: false,
tls13: '5.50',
},
tomcat: {
highlighter: 'xml',
latestVersion: '11.0.1',
eolBefore: '9.0.0',
name: 'Tomcat',
supportsOcspStapling: false,
tls13: '8.0.0',
usesOpenssl: false,
},
Expand All @@ -214,7 +199,6 @@ module.exports = {
latestVersion: '3.2.1',
eolBefore: '2.11.0',
name: 'Traefik',
supportsOcspStapling: false, // https://github.com/containous/traefik/issues/212
tls13: '2.0.0',
usesOpenssl: false,
},
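Review bot: The header comment `// hasVersions, showSupports, supportsConfigs, supportsHsts, and usesOpenssl only need to be defined if false` no longer says what `supportsOcspStapling` now means, and the dropped Caddy note (stapling is always on and cannot be disabled) was the only place that distinction was recorded. I would add, next to the `cipherFormat` line, `// supportsOcspStapling is the minimum version whose config enables OCSP stapling; leave it undefined for servers that do not (or that, like Caddy, always staple and expose no setting)`. The removed inline notes on the Caddy and Traefik entries could be kept as plain comments so the next maintainer does not read the missing key as a gap in the data. The entries that still carry version strings are outside these hunks, so I cannot check that none of them still holds the old boolean `true` form.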
2 changes: 1 addition & 1 deletion src/js/index.js
Expand Up @@ -47,7 +47,7 @@ const render = async () => {
$('#version').toggleClass('text-disabled', _state.output.hasVersions === false);
$('#openssl').toggleClass('text-disabled', _state.output.usesOpenssl === false);
$('#hsts').prop('disabled', _state.output.supportsHsts === false);
$('#ocsp').prop('disabled', _state.output.supportsOcspStapling === false);
$('#ocsp').prop('disabled', !_state.output.supportsOcspStapling);

// update the fragment
if (gHaveSettingsChanged) {
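Review bot: The new `$('#ocsp').prop('disabled', !_state.output.supportsOcspStapling);` deliberately differs from the `=== false` tests on the neighbouring `#hsts` and `#openssl` lines, but the reason is not visible here: after this commit `supportsOcspStapling` is `undefined` for servers with no entry, so an `=== false` test would never disable the checkbox. A one-line comment would stop a future reader from "normalising" it back: `// undefined (no entry) and false (version too old) must both disable the checkbox`. The enclosing `render` function starts before this hunk.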
6 changes: 2 additions & 4 deletions src/js/state.js
Expand Up @@ -9,10 +9,8 @@ export default async function () {
const server = form['server'].value;
const ssc = sstls.configurations[form['config'].value]; // server side tls config for that level
const supportsOcspStapling =
typeof configs[server].supportsOcspStapling === 'undefined'
|| configs[server].supportsOcspStapling === true
|| (configs[server].supportsOcspStapling !== false
&& minver(configs[server].supportsOcspStapling, form['version'].value));
configs[server].supportsOcspStapling
&& minver(configs[server].supportsOcspStapling, form['version'].value);

const url = new URL(document.location);

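Review bot: The new `configs[server].supportsOcspStapling && minver(...)` yields `undefined` rather than a boolean when the server has no `supportsOcspStapling` entry, and whatever `minver` returns otherwise, while the README line in this commit describes the output as a server version; any consumer other than index.js (a template, or the fragment built from `url` just below) that tests `=== false` or serialises the value would see the difference. It also hands a non-string straight to `minver` if any config still carries the old boolean form `supportsOcspStapling: true`. I would normalise once at the definition: `const supportsOcspStapling = Boolean(configs[server].supportsOcspStapling && minver(configs[server].supportsOcspStapling, form['version'].value));` and document the output as a boolean. Nothing in the hunk guards `form['version'].value` being empty for servers with `hasVersions === false`; whether `minver` tolerates that is outside this view. The enclosing `export default async function` starts and ends outside the hunk.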
