Weak cipher suites

tmoberg · May 13, 2020, 12:32pm

Hi,

What’s the reason for keeping the following (weak) TLS 1.2 cipher suites in the list of accepted suites?

/Tom

perry · May 14, 2020, 12:10am

hey @tmoberg - good to see you around here again.

I’m not an expert on this topic but this did come up recently and we spent good chunk of time writing up a response:

let us know if you have any further questions!

tmoberg · May 14, 2020, 8:39pm

Thanks @perry - I wish I had more granular control over the cipher suites, but as long as I get A+, I am content …

perry · May 15, 2020, 12:25am

totally. thanks for checking in!

Topic		Replies	Views
Ciphers - How to configure Support netlify-dns-https-ssl , security	19	1983	August 30, 2021
Disable ciphers suites which utilize SHA-1 message authentication and/or DH or DHE key exchanges Support netlify-dns-https-ssl , security	2	1346	June 30, 2020
Weak Ciphers Enabled Support deployment	4	754	January 20, 2021
Upcoming change: deprecation of CBC TLS ciphers Updates	3	1393	March 30, 2021
What cipher suites are enabled on paid certs from Netlify? Support netlify-dns-https-ssl , security	4	874	May 13, 2019