cancel
Showing results for 
Search instead for 
Did you mean: 

Offering selective ciphers for different TLS versions?

Neonsun_116864
Nimbostratus
Nimbostratus

According to Qualys SSLLabs, sites offering DES ciphers for TLSv1.2 will soon be marked down with a 'C' grade. We need to offer this due to certain client compatibility requirements, but all of these clients will connect using TLSv1. The grading penalty apparently only applies when the cipher is offered over TLSv1.2 (https://blog.qualys.com/ssllabs/2017/01/18/ssl-labs-grading-changes-january-2017).

 

So, is there a way to present a selective list of ciphers based on the client's TLS compatibility? (I.e. for TLSv1, use ciphers A,B,C, for TLSv1_1 and TLSv1_2 use ciphers A,B but not C)?

 

0 REPLIES 0