Confirmed users
529
edits
Security/Server Side TLS: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 877: | Line 877: | ||
Our guidelines maintain support for SSLv3 in the Old configuration only. This is required for clients on Windows XP service pack 1 & 2 that do not have support for TLSv1.0. Internet Explorer and Chrome on those platforms are impacted. Mozilla wants to be reachable from very old clients, to allow them to download a better browser. Therefore, we maintain SSLv3 compatibility on a limited number of sites. But all sites that do not need that level of compatibility are encouraged to implement the Intermediate configuration | Our guidelines maintain support for SSLv3 in the Old configuration only. This is required for clients on Windows XP service pack 1 & 2 that do not have support for TLSv1.0. Internet Explorer and Chrome on those platforms are impacted. Mozilla wants to be reachable from very old clients, to allow them to download a better browser. Therefore, we maintain SSLv3 compatibility on a limited number of sites. But all sites that do not need that level of compatibility are encouraged to implement the Intermediate configuration | ||
=== Logjam attack === | |||
The Logjam attack describes methods of attacking TLS servers supporting DHE export ciphers, and with weak (< 1024 bit) Diffie Hellman groups. Modern TLS servers should not include these configurations. The recommendations in this guide provide configurations that are not impacted by this. | |||
more: https://weakdh.org | |||
== SPDY == | == SPDY == | ||