Andrew Colvin wrote:
TLS1.0 and 1.1 are depricated and most websites have them turned off for security reasons the same as SSL version.
TLS1.0 is deprecated, but not 1.1. The old browser may also not be able
to negotiate with the SHA2 certs as SHA1 is also past it life and most browsers and sites no longer support so if your browser cannot handle SHA2 then you will not connect.
Wouldn't matter. The opensuse sites I can't connecct with only use SHA1.
Aditionally you may have old cipher support only and many of these are disabled on the servers for the health of the server.
Actually the problem was pretty much the opposite. The opensuse server only had the weaker ones starting w/RSA enabled. I'd disabled RSA as a first try and only had the strong ones enabled. I enabled a few of the RSA ciphers, which I'm told often needs to be done for compatibility as many sites haven't disabled the older ciphers for compatibility w/customers.
All things to check out
Did...and the problem was pretty much the opposite of of what we were thinking. Those who can't connect have their security settings set too high Opensuse only has 1 algorithm available for the first part -- RSA which is deprecated by ssllabs. thanks for the nudge -- (made me investigate what we being send/offered...just that that whole strong/weak thing got reversed).. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org