Security Suite

Mozilla SSL Config Generator

Create optimized TLS cipher configurations, protocol configurations, and security headers for Nginx, Apache, HAProxy, and Caddy following Mozilla's security recommendations.

1. Select Server

2. Select Mozilla SSL Profile

Modern TLS 1.3 Only

TLS 1.3 only. Maximum security. Recommended for modern browsers and services without legacy clients.

Intermediate Recommended

TLS 1.2 & 1.3. General-purpose. Highly recommended for almost all services - safe, secure, and widely compatible.

Old Legacy Compatibility

TLS 1.0 to 1.3. Legacy compatibility. Only use if you must support extremely old clients (like IE 8, Windows XP).

3. Server & Certificate Paths

Domain Name (Server Name)

Server Version

OpenSSL Version

Certificate Path (crt/pem)

Private Key Path (key)

CA Bundle / Chain Path

DH Parameters Path (dhparam.pem)

DNS Resolver IP(s)

4. Extra Security Features

Enable HTTP/2 / ALPN

HTTP Strict Transport Security (HSTS)

HSTS Max Age

Include Subdomains HSTS Preload

Enable OCSP Stapling

NGINX Intermediate

Mozilla SSL Security Guidelines

Mozilla's Server Side TLS recommendations provide configurations for common web servers. Keeping your TLS configuration up to date is crucial to ensure that transport encryption is robust against modern cryptographic attacks while offering the appropriate level of client compatibility.

Modern profile disables TLS 1.2 and older, offering forward secrecy and AEAD ciphers exclusively. Intermediate is the recommended default for general web-facing services, ensuring compatibility with TLS 1.2 clients (like old mobile devices or desktop OS) without compromising security. Ciphers are evaluated automatically client-side.

Related Tools

Explore other diagnostics that might help with your workflow.

SSL Checker

Verify SSL/TLS certificate details, expiration, and trust chain.

CSR Generator

Generate Certificate Signing Requests and Private Keys.

SSL Converter

Convert SSL certificates between PEM, DER, PFX, and PKCS#7.