Recent content by gizmo

Hi @stevieosaurus, @anditasb in case you guys haven't fixed it, please see my post about how to properly disable CBC ciphers. Though I have no answer for @slowaways on how to remove ciphers with 128 bit keys. Theoretically, this would partially work: "ECDSA+AES256+AESGCM" would remove...

Hi, The tooltip for Ciphers says "use our default cipher which follows SSL cipher best practices" is a little misleading. It's good, but because it currently includes weak CBC ciphers even when using v1.8.3 it's not exactly the best. SSL Labs Test result for default configuration shows...

Hi @usOC22 and @Cold-Egg, In case you still haven't had any success with this, I found a solution that works and gets rid of CBC ciphers! Set Ciphers in Virtual Hosts > SSL to this: EECDH+ECDSA+AESGCM (It won't work under Listeners Ciphers since Virtual Hosts default config overrides it)...

Hi, I wish that the default configuration only have TLS 1.2 and TLS 1.3 enabled by default. That way, users would be secured from the very beginning, and not have to worry about turning off TLS 1.1. It's already 2025 and this non-secure obsolete version should be retired already.