Expanded documentation in SSL/TLS support

2024-09-20 19:05:10 +02:00 · 2016-09-29 21:57:28 -04:00 · 2016-09-29 21:57:28 -04:00 · ebbf7a7b74
commit ebbf7a7b74
parent d3a0da451a
1 changed files with 6 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -162,10 +162,13 @@ and `CERT_NAME=shared` will then use this shared cert.

 #### How SSL Support Works

-The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
+The SSL cipher configuration is based on the [Mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
 should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
-Windows XP IE8, Android 2.3, Java 7.  The configuration also enables HSTS, and SSL
-session caches.
+Windows XP IE8, Android 2.3, Java 7.  Note that the DES-based TLS ciphers were removed for security.
+The configuration also enables HSTS, PFS, and SSL session caches.  Currently TLS 1.0, 1.1 and 1.2
+are supported.  TLS 1.0 is deprecated but its end of life is not until June 30, 2018.  It is being 
+included because the following browsers will stop working when it is removed: Chrome < 22, Firefox < 27,
+IE < 11, Safari < 7, iOS < 5, Android Browser < 5.

 The default behavior for the proxy when port 80 and 443 are exposed is as follows: