TLS/SSL 配置片段评分器
指导
TLS/SSL 配置片段评分器
Paste an Apache or Nginx TLS/SSL configuration block and get an instant A–F grade based on Mozilla’s Server Side TLS guidelines. The grader flags deprecated protocols, weak ciphers, missing HSTS, and other security issues, then suggests a Mozilla-aligned replacement snippet you can drop straight into your server config.
如何使用
- Paste your Apache
SSLProtocol/SSLCipherSuitedirectives or Nginxssl_protocols/ssl_ciphersblock into the input area. - (Optional) Pick the server type — auto-detection works for most snippets.
- Choose your target Mozilla profile: Modern (TLS 1.3 only), Intermediate (recommended), or Old (legacy clients).
- Review the grade card, then expand each finding to see exactly which directive triggered the deduction.
- Copy the suggested replacement snippet at the bottom and merge it into your server config.
特征
- Deterministic A–F grade – Same input always produces the same score, unlike conversational AI advice.
- Apache & Nginx support – Parses both
SSLProtocol/SSLCipherSuite且ssl_protocols/ssl_ciphersstyles. - Mozilla profile matching – Grade against Modern, Intermediate, or Old based on what your audience needs.
- Deprecated protocol detection – Flags SSLv2, SSLv3, TLS 1.0 and TLS 1.1, plus POODLE/DROWN/RFC 8996 context.
- Weak cipher detection – Catches RC4, 3DES, EXPORT, NULL, aNULL, MD5 and other risky tokens.
- HSTS & OCSP stapling checks – 提示当
Strict-Transport-Securityis missing ormax-ageis too low. - Replacement snippets – Auto-generates a Mozilla-aligned config block for the detected server type.
- Client-side & private – All parsing runs in your browser; nothing is sent to a server.
常问问题
-
What is forward secrecy and why does it matter?
Forward secrecy means each TLS session uses a fresh, ephemeral key (typically ECDHE or DHE). If an attacker later compromises the server's long-term private key, they still cannot decrypt past traffic they recorded — every session had its own throwaway key. Cipher suites starting with ECDHE_ or DHE_ provide forward secrecy; older RSA key-exchange suites do not.
-
Why is TLS 1.0 considered insecure when there are no known full breaks?
TLS 1.0 (1999) uses a weaker pseudorandom function (MD5+SHA1) and is vulnerable to BEAST and several padding-oracle attacks (POODLE TLS, Lucky 13). Major browser vendors and PCI DSS dropped support, and RFC 8996 formally deprecates both TLS 1.0 and 1.1. Even without a clean break, the protocol no longer meets modern security baselines.
-
What does HSTS actually protect against?
HSTS (HTTP Strict Transport Security) prevents downgrade and SSL-stripping attacks. Once a browser sees the Strict-Transport-Security header, it refuses to load the site over plain HTTP for the duration of max-age — even if the user types http:// or clicks an http link. Without HSTS, an attacker on the network can intercept the first plaintext request before the redirect to HTTPS.
-
How does OCSP stapling improve security and performance?
OCSP stapling lets the server pre-fetch a signed validity statement from the certificate authority and attach ("staple") it to the TLS handshake. The client doesn't need to make a separate OCSP query, which saves a round trip and prevents the CA from learning which sites the user visits. It also fails-safe when the CA's OCSP responder is slow or offline.
-
What is the difference between Mozilla's modern, intermediate, and old profiles?
Modern targets clients that support TLS 1.3 only (Chrome 70+, Firefox 63+, Safari 12.1+) — strongest security, smallest compatibility footprint. Intermediate enables TLS 1.2 and 1.3 with a curated cipher list — the recommended default for most public sites. Old extends back to TLS 1.0 for legacy clients (Windows XP, Android 4) and accepts weaker ciphers — only choose it if you genuinely must support those clients.
