mozilla/cipherscan

Remove 'Changes needed to match the old level' from 'analysis.py'?

sindarina opened this issue · 2 comments

It seems to me that 'the old level' is well past its due date, with recommendations like:

Changes needed to match the old level:
* consider enabling SSLv3
* use a certificate with sha1WithRSAEncryption signature
* use DHE of 1024bits and ECC of 256bits
* consider enabling OCSP Stapling

Perhaps it should be removed, limiting recommendations to the intermediate and modern levels only?

Some people need support for clients like IE 6 on Windows XP pre-SP3 or Java 6. For that, settings like that are necessary, even if they are definitely insecure.

After all, it's better to download a current version of Chrome or Firefox over bad encryption than no encryption whatsoever.

As @tomato42 indicated, this level is still needed.