mirror of
https://github.com/certbot/certbot.git
synced 2026-06-05 06:42:10 -04:00
e3dbd9ce4a
As discussed at https://github.com/mozilla/server-side-tls/issues/263, Mozilla's current intermediate recommendations drop support for some non-EOL'd versions of IE. [Their TLS recommendations were updated to suggest a couple possible workarounds for people who need this support](https://github.com/mozilla/server-side-tls/pull/264) and [April suggested that we make this change in Certbot](https://github.com/mozilla/server-side-tls/issues/263#issuecomment-537085728). We know `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` translates to `ECDHE-RSA-AES128-SHA` because [nginx uses the same cipher format as OpenSSL](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers) and the translation is shown in the table at https://github.com/mozilla/server-side-tls/blob/gh-pages/Cipher_Suites.mediawiki. The risk of regressions making this change is low as we always had this ciphersuite enabled just a few releases ago: https://github.com/certbot/certbot/tree/v0.36.0/certbot-nginx/certbot_nginx * Keep compatibility with IE11 * update changelog |
||
|---|---|---|
| .. | ||
| tests | ||
| tls_configs | ||
| __init__.py | ||
| configurator.py | ||
| constants.py | ||
| display_ops.py | ||
| http_01.py | ||
| nginxparser.py | ||
| obj.py | ||
| parser.py | ||
| parser_obj.py | ||