Hi First a disclaimer, I am not a professional SSL/TLS-dude :) From what I gather, with TLS 1.0 and the BEAST attack, only non-CBC-mode ciphers (i.e. RC4) are still "secure". TLS 1.1 mitigated that attack vector. Consider a case when the server needs to support TLS 1.0 and TLS 1.1: As far as I understand it, there's now way to configure the server to only allow the RC4-ciphersby nifer - Ideas and Feature Requests
![]() |
![]() |
![]() |
![]() |
![]() |