Drop support for weak cipher suites

The Qualys SSL Server Test shows that haveibeenpwned.com supports weak cipher suites for TLS 1.2. Please drop support for these to make haveibeenpwned.com even more secure.
https://www.ssllabs.com/ssltest/analyze.html?d=haveibeenpwned.com

1 vote

Kenneth Barber shared this idea · Sep 25, 2019 · Report… · Admin →

declined ·

AdminTroy Hunt (CEO / Founder, Have I Been Pwned) responded · Sep 25, 2019

TLS termination is done at Cloudflare and this is not a configurable attribute. It poses a minor risk hence the A+ SSL Labs rating HIBP receives.

An error occurred while saving the comment

AdminTroy Hunt (CEO / Founder, Have I Been Pwned) commented · September 25, 2019 4:58 AM · Report

No, low priority for me right now.

Submitting...
Kenneth Barber commented · September 25, 2019 4:46 AM · Report

Troy, have you ever talked to Cloudflare about making it configurable or making a sweeping change for everyone?

Submitting...

I suggest you ...