
On Tuesday, 10 November 2020 10:26:38 AM AEDT Russell Coker via luv-main wrote:
The cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is weak but is required to support IE11 on Windows versions before 10 and Safari versions before 9. Is it worth keeping?
It turns out that IE11 on Windows <10 used that cipher if the server didn't ask it not to. When I specified that cipher as the lowest priority IE11 on all platforms other than Windows Phone 8.1 (non-update) didn't use it, Windows phone 8.1 update supported better ciphers with IE11. That left Safari < 9 as the only possibility of problems. I doubt that anyone is trying to access our site from a version of Safari that's more than 5 years out of date. So I have disabled that cipher. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/