Site Security Upgraded to TLSv1.2
Thanks to readers Tom W and James K for reporting a browser warning for this site, which was using TLSv1.1, which is now deprecated.
This cropped up because companies like Apple have updated their web browsers to issue a warning for TLSv1.1. That’s confusing to users and not important for this site, but that’s how it is.
As of this morning, I’ve hardened the site to use TLSv1.2 with TLSv1.3 optional. Wasn’t planning on it here at 11800' elevation in the White Mountains in my van... such a lovely morning lost but it was worth doing.
Also, supported cipher suites have been hardened to only the following:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Very old web browsers might no longer be able to access this site as a result. There is no way to fix that (in general) without degrading site security and getting a 'B' rating. While a few cipher suites could be added and still get an 'A', those suites are ranked as 'weak', and I have chosen to exclude them for now.
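An added example, not this site's own configuration or tooling: a small parser for the IANA suite names in the list above that reports which entries use 3DES or a non-AEAD CBC mode. The suite names are copied from the list; the flagging policy and the function names are assumptions chosen for illustration.

```python
import re

# Suite names copied from the list above (IANA naming).
SUITES = """
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
""".split()

# TLS 1.2 names carry key exchange and authentication; TLS 1.3 names do not.
TLS12 = re.compile(r"^TLS_(ECDHE|DHE)_(RSA|ECDSA)_WITH_(.+)_(SHA\d*)$")
TLS13 = re.compile(r"^TLS_(AES_\d+_GCM|CHACHA20_POLY1305)_(SHA\d+)$")

def parse(name):
    """Split an IANA suite name into its components."""
    m = TLS13.match(name)
    if m:
        return {"proto": "TLSv1.3", "kx": None, "auth": None,
                "cipher": m.group(1), "hash": m.group(2)}
    m = TLS12.match(name)
    if not m:
        raise ValueError(f"unrecognised suite name: {name}")
    kx, auth, cipher, digest = m.groups()
    return {"proto": "TLSv1.2", "kx": kx, "auth": auth,
            "cipher": cipher, "hash": digest}

def findings(name):
    """Assumed policy (not the site's): flag 3DES and non-AEAD CBC suites."""
    cipher = parse(name)["cipher"]
    checks = [(cipher.startswith("3DES"), "3DES has a 64-bit block size"),
              (cipher.endswith("_CBC"), "CBC mode is not AEAD")]
    return [msg for hit, msg in checks if hit]

def audit(names):
    # Map each flagged suite to its findings; unflagged suites are omitted.
    return {n: f for n in names if (f := findings(n))}

if __name__ == "__main__":
    for suite, notes in audit(SUITES).items():
        print(suite, "->", "; ".join(notes))
```

A server only negotiates the suites that match its certificate's key type, so the RSA and ECDSA entries in one list are never all in play at once.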