If you run a server or website

Forums › IT Pro and developers › If you run a server or website - check TLS/SSL

bigalow

566 posts

Ultimate Geek

#262178 9-Jan-2020 01:14

as some might know already

if you use a ssl cert on your site etc TLS 1.0 & TLS 1.1 encryption is no longer supported ,

(SSL 1.0, 2.0 was unsupported since 2011 and 3.0 was unsupported since 2015 ) you shouldn't of been using this encryption at all

TLS 2.0 & TLS 3.0 are ok

and from January 2020 will be starting to remove TLS 1.0 & TLS 1.1 from most browsers and fully be removed by March 2020

https://www.ssllabs.com/ssltest/ is a good site to test your site etc

https://wiki.mozilla.org/Security/Server_Side_TLS is good site to show how to change your settings

mentalinc

3226 posts

Uber Geek

Trusted

#2387723 9-Jan-2020 07:24

direct link to the generator

https://ssl-config.mozilla.org/

its linked from the image on the right from the second link.

And of course there is https://letsencrypt.org/ for free TLS certs.

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

michaelmurfy

meow
13240 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2387829 9-Jan-2020 09:53

Partially incorrect here.

TLS 2.0 and TLS 3.0 don't exist. I think you're meaning SSL 2.0 and SSL 3.0 which are incredibly insecure and should be disabled also (this will give you an F in SSLLabs).

TLS 1.2 and TLS 1.3 (if your server supports it) should be the only protocols enabled along with secure ciphers.

If you're using Cloudflare, to mitigate you need to go into SSL/TLS, click on the "Edge Certificates" tab and set "Minimum TLS Version" to TLS 1.2.

Note - by doing this you're effectively disabling support for older browsers and operating systems.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

bigalow

566 posts

Ultimate Geek

#2389020 9-Jan-2020 13:20

Oops I mean TLS 1.2 and TLS 1.3 are ok

There is no TLS 2.0 and TLS 3.0

Killerkiwi2005

374 posts

Ultimate Geek

Trusted

#2389099 9-Jan-2020 15:22

Tool for those stuck in IIS land

https://www.nartac.com/Products/IISCrypto/

bigalow

566 posts

Ultimate Geek

#2446549 25-Mar-2020 18:27

bump

this is a good time to do this