A few weeks ago I realized our websites accidentally disabled post-quantum key exchange because our haproxy had an old version of the modern ssl-config.mozilla.org config. Imagine how long it will take for everyone to realize this and fix their configs. This is not a scalable way of doing things...
An easy-to-use secure configuration generator for web, database, and mail software. Simply select the software you are using and receive a configuration file that is both safe and compatible.
Ugh, apparently neither @github.com, nor @fastmail.com, nor @slack.engineering support post-quantum TLS key exchanges, making everything sent and received over these connections vulnerable to harvest-now-decrypt-later attacks, maybe as early as 2029.
