ssl-config (1) Versions 0.1.0

Generates secure TLS config file

Policyfile:
  cookbook 'ssl-config', '~> 0.1.0', :supermarket

Berkshelf:
  cookbook 'ssl-config', '~> 0.1.0'

Knife:
  knife supermarket install ssl-config
  knife supermarket download ssl-config
Quality 17%

ssl-config-cookbook

This cookbook is aimed at making it easy to provide secure SSL/TLS settings in your webserver of choice. The recommendations are taken from Mozilla's TLS Guidelines.

Disclaimer

This repository provides a centralised, easy way to encapsulate recommended SSL settings across multiple sites. It may not always be up to date with the latest best practices as new protocols are published and vulnerabilities in existing ones are discovered. Use of this cookbook does not constitute a magical security bullet, and the author(s) expressly make no guarantee that use of this cookbook will necessarily result in correct security settings for your server. You should use this as a starting point, and check the generated results for yourself.

It is recommended that you read Mozilla's TLS Guidelines as a more definitive guide, and more frequently updated source of information. It is also recommended that you test the strength of your server's configuration together with the generated key and certificate via a tool such as SSL Labs server test to get a better picture of the security of your specific site.

Usage

Nginx

{
  "run_list": [
    "recipe[nginx]",
    "recipe[ssl-config::nginx]"
  ]
}

And in your nginx config template:

server {
  listen 443 ssl;
  server_name example.com;

  include /etc/nginx/secure-ssl.conf;

  ssl_certificate /path/to/signed_cert_plus_intermediates;
  ssl_certificate_key /path/to/private_key;

  #...
}

Apache

{
  "run_list": [
    "recipe[apache2]",
    "recipe[ssl-config::apache]"
  ]
}

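<VirtualHost *:443>
  ServerName example.com
  SSLEngine on
  SSLCertificateFile      /path/to/signed_certificate
  # SSLCertificateChainFile is obsolete as of Apache 2.4.8, where
  # SSLCertificateFile can also carry the intermediate certificates.
  SSLCertificateChainFile /path/to/intermediate_certificate
  SSLCertificateKeyFile   /path/to/private/key
  SSLCACertificateFile    /path/to/all_ca_certs

  # Pull in the protocol and cipher settings generated by this cookbook
  Include /etc/apache2/secure-ssl.conf

  #...
</VirtualHost>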


Attributes

<table>
<tr>
<th>Key</th>
<th>Type</th>
<th>Description</th>
<th>Default</th>
</tr>
<tr>
<td><tt>['ssl-config']['compatibility_mode']</tt></td>
<td>String</td>
<td>Can be changed to <tt>"intermediate_compatibility"</tt> to support some older browsers</td>
<td><tt>"high_security"</tt></td>
</tr>
<tr>
<td><tt>['ssl-config']['hsts']</tt></td>
<td>Boolean</td>
<td>Ensure you know what you are doing before turning this on. Forces browsers to always use https on the given domain</td>
<td><tt>false</tt></td>
</tr>
<tr>
<td><tt>['ssl-config']['tuning']['ssl_session_timeout']</tt></td>
<td>String</td>
<td>Tunable session timeout</td>
<td><tt>"5m"</tt></td>
</tr>
<tr>
<td><tt>['ssl-config']['tuning']['ssl_session_cache']</tt></td>
<td>String</td>
<td>Tunable session cache</td>
<td><tt>"shared:SSL:5m"</tt></td>
</tr>
</table>
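
The disclaimer above asks you to check the generated results yourself, and the `hsts` attribute changes what browsers will accept for the domain. As an added example (not part of this cookbook), the Ruby script below audits an nginx TLS include for legacy protocols, enabled weak cipher tokens and the HSTS max-age. The function names, the weak-token lists and both sample configs are constructed assumptions, not the cookbook's actual output.

```ruby
WEAK_PROTOCOLS = %w[SSLv2 SSLv3 TLSv1 TLSv1.1].freeze
WEAK_CIPHER_TOKENS = %w[RC4 MD5 DES 3DES NULL aNULL eNULL EXP EXPORT].freeze

# Parse "name value...;" lines into { name => [value, ...] }, skipping comments.
def parse_directives(text)
  text.each_line.with_object(Hash.new { |h, k| h[k] = [] }) do |line, out|
    stmt = line.sub(/#.*/, '').strip.chomp(';')
    next if stmt.empty?
    name, value = stmt.split(/\s+/, 2)
    out[name] << value.to_s
  end
end

# Returns { findings: [String], hsts_max_age: Integer or nil }.
def audit_tls_config(text)
  d = parse_directives(text)
  findings = []
  protocols = d['ssl_protocols'].flat_map(&:split)
  findings << 'ssl_protocols not set (server default applies)' if protocols.empty?
  (protocols & WEAK_PROTOCOLS).each { |p| findings << "legacy protocol enabled: #{p}" }
  # A token only counts when it is enabled, i.e. not prefixed with
  # "!" (exclude) or "-" (remove) in the OpenSSL cipher string.
  ciphers = d['ssl_ciphers'].flat_map { |v| v.delete("'\"").split(':') }
  findings << 'ssl_ciphers not set (server default applies)' if ciphers.empty?
  ciphers.reject { |c| c.start_with?('!', '-') }.each do |c|
    weak = c.split(/[-+]/).any? { |t| WEAK_CIPHER_TOKENS.include?(t) }
    findings << "weak cipher enabled: #{c}" if weak
  end
  # HSTS is reported, not flagged: once sent, browsers pin HTTPS for max-age seconds.
  hsts = d['add_header'].find { |v| v =~ /\AStrict-Transport-Security\b/i }
  max_age = hsts && hsts[/max-age=(\d+)/i, 1]&.to_i
  { findings: findings, hsts_max_age: max_age }
end

# Constructed samples, not the cookbook's actual output.
LEGACY_SAMPLE = <<~CONF
  ssl_protocols SSLv3 TLSv1 TLSv1.2;
  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:!aNULL:!MD5';
CONF

MODERN_SAMPLE = <<~CONF
  # HSTS on: browsers will refuse plain HTTP for this host
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!MD5';
  add_header Strict-Transport-Security "max-age=15768000";
CONF

puts audit_tls_config(LEGACY_SAMPLE)[:findings]
```

To audit a real node, pass `File.read('/etc/nginx/secure-ssl.conf')` to `audit_tls_config` after the Chef run; a static check like this complements, and does not replace, an external scan such as the SSL Labs server test.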

License and Authors

Author:: Jeremy Olliver (jeremy.olliver@gmail.com)
License:: Apache 2.0

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

0.1.0

Initial release of ssl-config

Collaborator Number Metric

0.1.0 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric

0.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric

0.1.0 failed this metric

FC034: Unused template variables: ssl-config/templates/default/apache-ssl.conf.erb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric

0.1.0 passed this metric

Testing File Metric

0.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric

0.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number