Przeglądaj źródła

Expanded documentation in SSL/TLS support

Steve Kamerman 8 lat temu
rodzic
commit
ebbf7a7b74
1 zmienionych plików z 6 dodań i 3 usunięć
  1. 6 3
      README.md

+ 6 - 3
README.md

@@ -162,10 +162,13 @@ and `CERT_NAME=shared` will then use this shared cert.
 
 
 #### How SSL Support Works
 #### How SSL Support Works
 
 
-The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
+The SSL cipher configuration is based on the [Mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
 should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
 should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
-Windows XP IE8, Android 2.3, Java 7.  The configuration also enables HSTS, and SSL
-session caches.
+Windows XP IE8, Android 2.3, Java 7.  Note that the DES-based TLS ciphers were removed for security.
+The configuration also enables HSTS, PFS, and SSL session caches.  Currently TLS 1.0, 1.1 and 1.2
+are supported.  TLS 1.0 is deprecated but its end of life is not until June 30, 2018.  It is being 
+included because the following browsers will stop working when it is removed: Chrome < 22, Firefox < 27,
+IE < 11, Safari < 7, iOS < 5, Android Browser < 5.
 
 
 The default behavior for the proxy when port 80 and 443 are exposed is as follows:
 The default behavior for the proxy when port 80 and 443 are exposed is as follows: