瀏覽代碼

Expanded documentation in SSL/TLS support

Steve Kamerman 8 年之前
父節點
當前提交
ebbf7a7b74
共有 1 個文件被更改,包括 6 次插入3 次删除
  1. 6 3
      README.md

+ 6 - 3
README.md

@@ -162,10 +162,13 @@ and `CERT_NAME=shared` will then use this shared cert.
 
 
 #### How SSL Support Works
 #### How SSL Support Works
 
 
-The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
+The SSL cipher configuration is based on the [Mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
 should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
 should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
-Windows XP IE8, Android 2.3, Java 7.  The configuration also enables HSTS, and SSL
-session caches.
+Windows XP IE8, Android 2.3, Java 7.  Note that the DES-based TLS ciphers were removed for security.
+The configuration also enables HSTS, PFS, and SSL session caches.  Currently TLS 1.0, 1.1 and 1.2
+are supported.  TLS 1.0 is deprecated but its end of life is not until June 30, 2018.  It is being 
+included because the following browsers will stop working when it is removed: Chrome < 22, Firefox < 27,
+IE < 11, Safari < 7, iOS < 5, Android Browser < 5.
 
 
 The default behavior for the proxy when port 80 and 443 are exposed is as follows:
 The default behavior for the proxy when port 80 and 443 are exposed is as follows: