Forum Discussion

Neonsun_116864's avatar
Neonsun_116864
Icon for Nimbostratus rankNimbostratus
Jan 26, 2017

Offering selective ciphers for different TLS versions?

According to Qualys SSLLabs, sites offering DES ciphers for TLSv1.2 will soon be marked down with a 'C' grade. We need to offer this due to certain client compatibility requirements, but all of these clients will connect using TLSv1. The grading penalty apparently only applies when the cipher is offered over TLSv1.2 (https://blog.qualys.com/ssllabs/2017/01/18/ssl-labs-grading-changes-january-2017).

 

So, is there a way to present a selective list of ciphers based on the client's TLS compatibility? (I.e. for TLSv1, use ciphers A,B,C, for TLSv1_1 and TLSv1_2 use ciphers A,B but not C)?

 

No RepliesBe the first to reply