I've been doing some work on the LUV server and noticed that it was supporting old SSL protocols. I disabled TLS 1.1 as ssllabs will no longer give a rating higher than B to a site that uses it, with that change we get an A+! I think this is no big deal as this only prevents access from Android below version 5.0 (NB Chrome on Android 4.x works fine, it's the Android internal browser that no-one would ever want to use on our site that fails), and some particularly ancient versions of Safari and IE.
https://www.ssllabs.com/ssltest/analyze.html? d=www.luv.asn.au&s=46.4.124.163&latest The above URL gives the test results. I disabled all the weaker ciphers that aren't being used. The cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is weak but is required to support IE11 on Windows versions before 10 and Safari versions before 9. Is it worth keeping? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ _______________________________________________ luv-main mailing list [email protected] https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
