Re: [luv-talk] SSL on LUV server

Russell Coker via luv-main wrote:
I've been doing some work on the LUV server and noticed that it was supporting old SSL protocols. I disabled TLS 1.1 as ssllabs will no longer give a rating higher than B to a site that uses it, with that change we get an A+! I think this is no big deal as this only prevents access from Android below version 5.0 (NB Chrome on Android 4.x works fine, it's the Android internal browser that no-one would ever want to use on our site that fails), and some particularly ancient versions of Safari and IE.
https://www.ssllabs.com/ssltest/analyze.html? d=www.luv.asn.au&s=46.4.124.163&latest
The above URL gives the test results.
I disabled all the weaker ciphers that aren't being used.
The cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is weak but is required to support IE11 on Windows versions before 10 and Safari versions before 9. Is it worth keeping?
So are you asking the practical question : "How many people are likely to want to use IE11 W<10 and Safari <9 ?"; or are you asking the more philosophical question: "Just how far back does backward compatibility need to be maintained " regards Rohan McLeod
participants (1)
-
Rohan McLeod