Russell Coker via luv-main wrote:
I've been doing some work on the LUV server and noticed that it was supporting
old SSL protocols. I disabled TLS 1.1 as ssllabs will no longer give a rating
higher than B to a site that uses it, with that change we get an A+! I think
this is no big deal as this only prevents access from Android below version
5.0 (NB Chrome on Android 4.x works fine, it's the Android internal browser
that no-one would ever want to use on our site that fails), and some
particularly ancient versions of Safari and IE.
https://www.ssllabs.com/ssltest/analyze.html?d=www.luv.asn.au&s=46.4.124.163&latest
The above URL gives the test results.
I disabled all the weaker ciphers that aren't being used.
The cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is weak but is required to
support IE11 on Windows versions before 10 and Safari versions before 9. Is
it worth keeping?

So are you asking the practical question: "How many people are likely
to want to use IE11 W<10 and Safari <9?";
or are you asking the more philosophical question: "Just how far back
does backward compatibility need to be maintained?"
regards Rohan McLeod
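
One way to put a number on the practical question is to count, from the web server's own access log, how many requests come from the browsers said above to need TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA. The following is an added example, not part of either message and not the LUV server's configuration or tooling. It assumes a combined-format access log with the User-Agent as the last quoted field, treats User-Agent strings as an approximate signal (they can be spoofed), and runs on constructed sample lines.

```python
import re
from collections import Counter

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2020:10:00:00 +1100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
203.0.113.9 - - [01/Jan/2020:10:01:00 +1100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
198.51.100.7 - - [01/Jan/2020:10:02:00 +1100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9"
198.51.100.8 - - [01/Jan/2020:10:03:00 +1100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15"
192.0.2.44 - - [01/Jan/2020:10:04:00 +1100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
"""

UA_FIELD = re.compile(r'"([^"]*)"\s*$')            # last quoted field on the line
WIN_NT = re.compile(r"Windows NT (\d+)\.\d+")      # NT 6.x = Windows 7/8/8.1
SAFARI = re.compile(r"Version/(\d+)[\d.]* .*Safari/")


def needs_cbc_cipher(user_agent):
    """True for IE11 on Windows before 10, or Safari before 9 (heuristic)."""
    if "Trident/7.0" in user_agent:                # IE11 rendering engine token
        m = WIN_NT.search(user_agent)
        return bool(m) and int(m.group(1)) < 10
    if "Chrome/" in user_agent or "Chromium/" in user_agent:
        return False                               # Chrome also carries a Safari/ token
    m = SAFARI.search(user_agent)
    return bool(m) and int(m.group(1)) < 9


def summarise(log_text):
    """Return (request counts by class, set of client IPs seen with a legacy browser)."""
    counts = Counter()
    legacy_ips = set()
    for line in log_text.splitlines():
        m = UA_FIELD.search(line)
        if not m:
            continue                               # skip lines without a quoted UA
        legacy = needs_cbc_cipher(m.group(1))
        counts["legacy" if legacy else "other"] += 1
        if legacy:
            legacy_ips.add(line.split(" ", 1)[0])
    return counts, legacy_ips


if __name__ == "__main__":
    counts, ips = summarise(SAMPLE_LOG)
    print(f"legacy requests: {counts['legacy']} of {sum(counts.values())}")
    print("legacy client IPs:", sorted(ips))
```

If the server can log the negotiated cipher per request, counting that field directly is more reliable than inferring it from the User-Agent.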