What's hard about doing TLS1.2 everywhere? Every web browser shipped or updated from mid-2012 onwards supports 1.2. The population of browsers that only support TLS1.0 and 1.1 is less than 1% now by most measurements of useragent on a large scale.
On Mon, Apr 9, 2018 at 2:51 PM, Mike Hammett <af...@ics-il.net> wrote: > "You should have https (TLS1.2) everywhere, on every sort of public facing > httpd these days, with at least a letsencrypt certificate." > > We'll eventually have to because Google, etc. will make us, but it's > extremely unnecessary. It's even foolish in many situations. > > > > ----- > Mike Hammett > Intelligent Computing Solutions <http://www.ics-il.com/> > <https://www.facebook.com/ICSIL> > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> > <https://www.linkedin.com/company/intelligent-computing-solutions> > <https://twitter.com/ICSIL> > Midwest Internet Exchange <http://www.midwest-ix.com/> > <https://www.facebook.com/mdwestix> > <https://www.linkedin.com/company/midwest-internet-exchange> > <https://twitter.com/mdwestix> > The Brothers WISP <http://www.thebrotherswisp.com/> > <https://www.facebook.com/thebrotherswisp> > > > <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > ------------------------------ > *From: *"Eric Kuhnke" <eric.kuh...@gmail.com> > *To: *af@afmug.com > *Sent: *Monday, April 9, 2018 4:49:01 PM > *Subject: *Re: [AFMUG] ssl certs > > I have seen studies showing that ecommerce checkout/cart servers do have > lower "abandon order" rates when using EV SSL. If you're going to have one > billing server hostname that you fully control (eg: > https://billing.ispname.com) it might be worth it. > > Things like Paypal, online banking and other stuff do make extensive use > of EV SSL. > > It used to cost $395/year, now it's $85/year and dropping in price > further. > > The big change coming in both Chrome and Firefox is that any non-https > page will soon be marked as "Insecure" in the URL/address bar. You should > have https (TLS1.2) everywhere, on every sort of public facing httpd these > days, with at least a letsencrypt certificate. > > > > On Mon, Apr 9, 2018 at 1:20 PM, Simon Westlake <simon@sonar.software> > wrote: > >> In 99.9% of cases, EV is useless. If you are going to educate your >> customers religiously to look not only for the green padlock, but for your >> name in the address bar, maybe it's worthwhile. Most people don't look or >> care. Google doesn't have an EV cert. Neither does Microsoft or Facebook. >> My power company doesn't. Most insurance companies don't. >> >> The only place I've seen them used heavily is in the financial sector, >> and I'd guess that's more about CYA than technical value. >> >> ------ Original Message ------ >> From: "Eric Kuhnke" <eric.kuh...@gmail.com> >> To: af@afmug.com >> Sent: 4/9/2018 3:03:38 PM >> Subject: Re: [AFMUG] ssl certs >> >> these days there are essentially two types of SSL cert, DV and EV >> >> DV = domain validated. anyone can get one. this is the same idea for the >> $9 SSL certs and free letsencrypt. you only need to prove you control the >> domain/server it's issued for. >> >> EV = extended validation, you need to prove your corporate identity. >> should cost around $85/year. >> >> EV will result in the big green banner with company name in most modern >> web browsers. >> >> https://www.google.com/search?client=ubuntu&channel=fs&q=EV+ >> SSL+certificate&ie=utf-8&oe=utf-8 >> >> On Mon, Apr 9, 2018 at 11:59 AM, Steve Jones <thatoneguyst...@gmail.com> >> wrote: >> >>> tbh, im not really looking for alternative sources, im asking advice on >>> what i need in a certificate >>> >>> On Mon, Apr 9, 2018 at 1:52 PM, Cameron Crum <cc...@murcevilo.com> >>> wrote: >>> >>>> ssls.com >>>> >>>> On Mon, Apr 9, 2018 at 1:02 PM, Steve Jones <thatoneguyst...@gmail.com> >>>> wrote: >>>> >>>>> Im no webdude is the main reason. I know alot of people use it, >>>>> phishermen love them. Theyre "trusted, but not verified" which, to no >>>>> webdude me, says "IT WILL BECOME UNTRUSTED". I hate godaddy, but theyre >>>>> not >>>>> likely to become untrusted, so its not something id have to deal with with >>>>> little to no knowlege. plus I dont understand this 90 day thing >>>>> >>>>> >>>>> On Mon, Apr 9, 2018 at 12:08 PM, Mike Hammett <af...@ics-il.net> >>>>> wrote: >>>>> >>>>>> Can you use Let's Encrypt? >>>>>> >>>>>> >>>>>> >>>>>> ----- >>>>>> Mike Hammett >>>>>> Intelligent Computing Solutions <http://www.ics-il.com/> >>>>>> <https://www.facebook.com/ICSIL> >>>>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> >>>>>> <https://www.linkedin.com/company/intelligent-computing-solutions> >>>>>> <https://twitter.com/ICSIL> >>>>>> Midwest Internet Exchange <http://www.midwest-ix.com/> >>>>>> <https://www.facebook.com/mdwestix> >>>>>> <https://www.linkedin.com/company/midwest-internet-exchange> >>>>>> <https://twitter.com/mdwestix> >>>>>> The Brothers WISP <http://www.thebrotherswisp.com/> >>>>>> <https://www.facebook.com/thebrotherswisp> >>>>>> >>>>>> >>>>>> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> >>>>>> ------------------------------ >>>>>> *From: *"Steve Jones" <thatoneguyst...@gmail.com> >>>>>> *To: *af@afmug.com >>>>>> *Sent: *Monday, April 9, 2018 12:07:04 PM >>>>>> *Subject: *[AFMUG] ssl certs >>>>>> >>>>>> Our current cert for our billing server (powercode) is about to >>>>>> expire. For some time web browsers have been throwing up the insecure >>>>>> flag, >>>>>> probably needed to update it. >>>>>> >>>>>> What does a guy need in a certificate these days? godaddy is where we >>>>>> have it from, they have all kinds of options like green bar guarantee >>>>>> cert, >>>>>> etc. >>>>>> >>>>>> I have thought about getting one thats good for more than one page, >>>>>> just to get rid of the annoying security screen on our managment port and >>>>>> mobile. but the wildcard cert seems more pricey than id prefer for >>>>>> something thats just convienient rather than needed >>>>>> >>>>>> >>>>> >>>> >>> >> > >