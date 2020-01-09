Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersIf you run a server or website - check TLS/SSL


412 posts

Ultimate Geek


# 262178 9-Jan-2020 01:14
2 people support this post
Send private message quote this post

as some might know already

 

if you use a ssl cert on your site etc TLS 1.0 &  TLS 1.1 encryption is no longer supported ,

 

(SSL 1.0, 2.0 was unsupported since  2011 and 3.0 was unsupported since 2015 ) you shouldn't of been using this encryption at all

 

TLS 2.0 & TLS 3.0 are ok

 

and from January 2020 will be starting to remove TLS 1.0 &  TLS 1.1 from most browsers and fully be removed by March 2020

 

 

 

https://www.ssllabs.com/ssltest/ is a good site to test your site etc

 

https://wiki.mozilla.org/Security/Server_Side_TLS is good site to show how to change your settings




 

 

 

Create new topic
1786 posts

Uber Geek

Trusted

  # 2387723 9-Jan-2020 07:24
Send private message quote this post

direct link to the generator

 

https://ssl-config.mozilla.org/

 

its linked from the image on the right from the second link.

 

 

And of course there is https://letsencrypt.org/ for free TLS certs.




CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 

/dev/null
8996 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2387829 9-Jan-2020 09:53
One person supports this post
Send private message quote this post

Partially incorrect here.

 

TLS 2.0 and TLS 3.0 don't exist. I think you're meaning SSL 2.0 and SSL 3.0 which are incredibly insecure and should be disabled also (this will give you an F in SSLLabs).

 

TLS 1.2 and TLS 1.3 (if your server supports it) should be the only protocols enabled along with secure ciphers.

 

If you're using Cloudflare, to mitigate you need to go into SSL/TLS, click on the "Edge Certificates" tab and set "Minimum TLS Version" to TLS 1.2.

 

Note - by doing this you're effectively disabling support for older browsers and operating systems.




Michael Murphy | https://murfy.nz
A quick guide to picking the right ISP | The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial | Sharesies

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

NZ Police releases public app
Posted 8-Jan-2020 11:43

Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06

Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54

AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42

AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32

Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09

Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32

Vodafone 5G service live in four cities
Posted 10-Dec-2019 08:30

Samsung Galaxy Fold now available in New Zealand
Posted 6-Dec-2019 00:01

NZ company oDocs awarded US$ 100,000 Dubai World Expo grant
Posted 5-Dec-2019 16:00

New Zealand Rugby Selects AWS-Powered Analytics for Deeper Game Insights
Posted 5-Dec-2019 11:33

IMAGR and Farro bring checkout-less supermarket shopping to New Zealand
Posted 5-Dec-2019 09:07

Wellington Airport becomes first 5G connected airport in the country
Posted 3-Dec-2019 08:42

MetService secures Al Jazeera as a new weather client
Posted 28-Nov-2019 09:40

NZ a top 10 connected nation with stage one of ultra-fast broadband roll-out completed
Posted 24-Nov-2019 14:15


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.