[HCoop-Discuss] TLS v1.1 Disabled in Apache

Clinton Ebadi clinton at unknownlamer.org
Sat Mar 7 18:05:59 EST 2020


Greetings,

As of March 1st, 2020 SSLLabs is now capping the score of any host with
TLS v1.1 enabled to a "B" grade, and based on their information
(https://blog.qualys.com/ssllabs/2018/11/19/grade-change-for-tls-1-0-and-tls-1-1-protocols)
no browsers would really be affected so I went ahead and just turned it
off.

We now only support TLS v1.2 and have also disabled most weaker
encryption types, in particular, we are using these settings:

  https://ssl-config.mozilla.org/#server=apache&version=2.4.25&config=intermediate&openssl=1.1.0d&hsts=false&ocsp=false&guideline=5.4

After these changes, we have an A grade (applies to all hosted domains):
https://www.ssllabs.com/ssltest/analyze.html?d=hcoop.net&s=68.183.54.165&latest

-- 
<captain_krunk> ntk is currently using "telnet fyodor 25" to send email
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists.hcoop.net/pipermail/hcoop-discuss/attachments/20200307/8a162a42/attachment.sig>


More information about the HCoop-Discuss mailing list