Categories
Changes Status

SSL/TLS Changes

We’re going to start turning off TLSv1.0 and TLSv1.1 per best current practices (BCP 195), and start working on updates to add support for TLSv1.3. Our account control center is first. Other services will be changed as we work on configs or other updates for both web and mail services.

As of early 2020, support for TLS 1.0 and TLSv1.1 has been removed in current versions of major browsers. For more information about the depreciation of TLS1.0/1.1 see: https://blog.qualys.com/product-tech/2018/11/19/grade-change-for-tls-1-0-and-tls-1-1-protocols

We’re also changing our ACME client for Let’s Encrypt certificates. We started out using certbot, however certbot is moving to an app store framework (Snap) for future updates and we don’t want to install such things on our servers. So we searched for an alternative ACME client that we liked and settled on dehydrated. For more information on dehydrated visit them on github at: https://github.com/dehydrated-io/dehydrated

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.