12 comments

[ 2.0 ms ] story [ 39.6 ms ] thread
Clientside apps: definitly not on Server side: i usually set an minimum tls version, The ciphers baseline of HIGH and removing some ciphers like sha1, CBC and any NULL Containing cipher
Yes they should. Enough with this authoritarian user-hostile attitude. I can't even connect to your site as you reject my ClientHello, and I'm not going to figure out why.
"Those who can't do it teach it."
“Safari can’t open the page because it couldn’t establish a secure connection to the server.”

Irony or satire?

Not even curl can connect... seems whatever this is on about isn't important enough for them to let people even try to read.
I'm not going to take security advice from someone whose website I can't open in https.
Does not load in Firefox
Site won't load so I can't see if it's advocating no choices or a different mechanism or granularity for choices.

But, say, itsec banning some tls1.2 "for compatibility reasons" options is less drastic than itsec just banning tls1.2 from the company network entirely.

That's how I implemented it. Just with less checkboxes.