Find a file
Daniel Micay 90a7780b5e migrate to new tlsserver Let's Encrypt profile
We can no longer use OCSP stapling and Must-Staple. These will soon be
obsolete once the `shortlived` profile is available for public use since
it will provide certificates with a similar lifetime as OCSP responses.

In the meantime, we've moved to the `tlsserver` profile stripping legacy
features to prepare for the `shortlived` profile which will be identical
to `tlsserver` but with a validity period of 6 days.

The certificate for SUPL is still temporarily using the classic profile
to work around the older generations of end-of-life Snapdragon Pixels
not having support for SNI. We can eventually drop support for these
devices from the SUPL service to allow us to disable TLSv1.1, DHE and
move to the `tlsserver` or `shortlived` profile.

The certificate for SMTP is still temporarily using the classic profile
to avoid potential compatibility issues with servers supporting TLSv1.2
but still not yet supporting SNI.
2025-05-08 22:26:43 -04:00
.github add GitHub funding metadata 2021-07-19 23:02:29 -04:00
boot/loader add systemd-boot configuration 2025-04-11 13:44:37 -04:00
certbot migrate to new tlsserver Let's Encrypt profile 2025-05-08 22:26:43 -04:00
etc migrate to new tlsserver Let's Encrypt profile 2025-05-08 22:26:43 -04:00
guide add nftables dscp counter config to guide 2023-08-19 00:46:21 -04:00
home/.config fish: add vi keybinding setup 2024-11-29 14:03:58 -05:00
packages add bird and zerotier-one packages to ns1 servers 2025-05-04 16:01:06 -04:00
.gitignore add authorized_keys configuration 2025-04-10 15:14:25 -04:00
connection-stats clean up stats scripts 2023-07-16 01:25:27 -04:00
count count: handle optimized factory image downloads 2025-01-02 23:39:25 -05:00
deploy-initial update Arch ISO for VPS deployment to 2025.05.01 2025-05-04 16:01:06 -04:00
disconnect add disconnect script 2024-09-25 17:44:13 -04:00
dns-stats dns-stats: show total TCP and UDP queries 2024-03-28 11:38:06 -04:00
fetch-info extend info fetching to sysctl values 2024-07-24 16:58:11 -04:00
for add batch command script 2024-11-17 10:38:51 -05:00
hosts.sh set up certificate replication for ns1 replicas 2025-05-05 17:29:54 -04:00
LICENSE migrate to new tlsserver Let's Encrypt profile 2025-05-08 22:26:43 -04:00
nginx-create-session-ticket-keys move umask to systemd unit configuration 2024-10-14 06:11:32 -04:00
nginx-rotate-session-ticket-keys move umask to systemd unit configuration 2024-10-14 06:11:32 -04:00
nginx-stats clean up stats scripts 2023-07-16 01:25:27 -04:00
ovh-mitigation rename OVH mitigation script 2023-07-03 18:35:43 -04:00
ovh-mitigation.py ovh-mitigation: add checking/toggling firewall 2024-07-05 00:40:20 -04:00
README.md Fix readme 2021-12-16 12:43:34 -05:00
reboot improve reboot script confirmation message 2024-12-12 15:27:57 -05:00
requirements.in add OVH mitigation control script 2023-02-22 16:22:47 -05:00
requirements.txt update python dependencies 2025-04-17 10:32:41 -04:00
setup specify python3 in setup script 2023-07-06 22:12:26 -04:00

Information about GrapheneOS servers is available in the GrapheneOS servers article on grapheneos.org.