Small change to SSL ciphers (April 24, 2018)

We’ve made a small technical change to the way our servers handle SSL connections. The change shouldn’t affect anyone, but we’re describing it here just for the record.

The technical description of the change is that we’ve removed the DES-CBC3-SHA (aka TLS_RSA_WITH_3DES_EDE_CBC_SHA) cipher suite from the “Medium security, good compatibility: Disable SSLv3 but enable TLS 1.0” option in the SSL section of our control panel, because PCI scanning companies have started flagging the existence of that cipher suite as a “fail”. (We told you it was technical!)

This change may make “medium security” SSL connections show errors for some very old browsers running on Windows XP. (Most such browsers already failed anyway with “medium security”, and they can’t connect to most major sites on the Internet, so almost nobody uses them.) In the unlikely event that you do need a very old browser like that to connect to an SSL-enabled site, you can choose Low security, excellent compatibility: Enable SSLv3 and TLS 1.0 in our control panel to allow it.