[ic] {OT} hardening SSL without rejecting users

Grant emailgrant at gmail.com
Tue Apr 27 02:17:23 UTC 2010


I've been advised to harden my SSL in the following ways:

1. disable SSL 2.0
2. disable use of SSL ciphers which offer either weak or no encryption
3. disable anonymous SSL ciphers

Will some website users not be able to use https if I do this?

- Grant



More information about the interchange-users mailing list