From owner-freebsd-security@FreeBSD.ORG  Thu May 14 11:10:19 2015
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4C99555E
 for <freebsd-security@freebsd.org>; Thu, 14 May 2015 11:10:19 +0000 (UTC)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6881F13BE
 for <freebsd-security@freebsd.org>; Thu, 14 May 2015 11:10:17 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id t4EBACRO064014;
 Thu, 14 May 2015 21:10:12 +1000 (EST)
 (envelope-from smithi@nimnet.asn.au)
Date: Thu, 14 May 2015 21:10:12 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Adam Major <adi@ivpro.net>
cc: freebsd-security@freebsd.org
Subject: Re: Forums.FreeBSD.org - SSL Issue?
In-Reply-To: <555476CB.2010005@ivpro.net>
Message-ID: <20150514205215.X69409@sola.nimnet.asn.au>
References: <CACRVPYOALi-V8D34zeJTYdSwHshYrqtttqVV3=aP8Yb6ZAxfyg@mail.gmail.com>
 <2857899F-802E-4086-AD41-DD76FACD44FB@modirum.com>
 <05636D22-BBC3-4A15-AC44-0F39FB265CDF@patpro.net>
 <20150514193706.V69409@sola.nimnet.asn.au>
 <555476CB.2010005@ivpro.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 May 2015 11:10:19 -0000

On Thu, 14 May 2015 12:19:55 +0200, Adam Major wrote:
 > Hello
 > 
 > I checked now by sslLabs.com:
 > https://www.ssllabs.com/ssltest/analyze.html?d=forums.freebsd.org
 > 
 > and score is A+

Ah, so it is now .. it was still B only half an hour ago :)

 > But I don't think disable TLS 1.0 is ok.

If that's why I still can't connect to https://forums.freebsd.org/ then 
no, it's not too friendly.  Was/Is it really necessary to disable it?

cheers, Ian

 > In test result paragraph: Handshake Simulation is informations that
 > page will not work on:
 > - Android 4.3 (and older)
 > - IE 6,7,8 on XP/Vista
 > - IE 8-10 on Win7 (TLS > 1.0 is disabled in default browser config)
 > - old Java
 > 
 > 
 > Very nice Web browser Secure protocols table:
 > 
 > https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers
 > 
 > 
 > Best Regards.