for me too, running mostly Macs from OSX 10.11 (El Capitan with Safari 11) to OSX 10.14 (Mojave with Safari 12.1), sometimes Windoof 7 and 10 with IE 11, I don't have problems logging into a BlueOnyx 5209R.
is BlueOnyx 5219R available yet? Best regards _⌢_ Meaulnes Legler '¿') Zurich, Switzerland. `-´ +41¦0 44 260-1660 On 19.06.19 03:56, Michael Stauber wrote:
Hi all, I'm currently locking down the SSL protocols and ciphers for BlueOnyx 5210R in Apache and Nginx. The good news is: TLSv1.3 does indeed work with the Apache 2.4.35 that ships with RHEL8. They must have backported the missing elements from Apache 2.4.36, which officially is the first version of Apache where TLSv1.3 ought to work. The included OpenSSL-1.1.1 is also (barely) good enough for TLSv1.3. Below is a preliminary SSL-Labs check for HTTPS on 5210R with the stock Apache 2.4.35: https://www.ssllabs.com/ssltest/analyze.html?d=5210r.smd.net&hideResults=on The result for the included Nginx SSL proxy is identical except for one minor detail: Under TLSv1.3 the CHACHA20_POLY1305 cipher is in 2nd place and not in first place. Question: ========== As you can see in the URL above, the following browsers are no longer supported: - IE 11 / Win Phone 8.1 - Safari 6 / iOS 6.0.1 - Safari 7 / iOS 7.1 - Safari 7 / OS X 10.9 - Safari 8 / iOS 8.4 - Safari 8 / OS X 10.10 The best available cipher that these support would be this: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 And that uses the "weak" CBC mechanism, which we might want to avoid. Does anyone have objections for no longer supporting these older browsers via HTTPS? Or do we still need to drag them along?
_______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
