1

Our system is quite old and as a result gets an F grade for SSL from Qualsys SSL because the server supports SSL2 and SSl3.

We have now identified all the browsers people are using. The oldest is IE7.

If we disable SSL2 and SSL3 ensuring TLS 1 on are enabled, will it appear seamless to our customers or will they need to do anything?

DomBat
  • 149
  • 1
    Don't forget in addition to the above, you can add some script to your site to perform browser detection and force redirect to either a browser upgrade page - or a help page describing how to enable TLS (or upgrade!) If your site is public facing, also be sure to explain the reason for the redirect. –  Apr 22 '15 at 18:37

2 Answers2

7

IE 7 and above support TLS 1.0 and have it enabled by default, so it should work without any impact. Actually, IE 6.0 also supports TLS 1.0, but it is disabled by default.

Of course, some creative users may have gone through their "advanced Internet settings" and disabled TLS 1.0, under the obvious reason that "SSL 3.0 is better than TLS 1.0 since 3 is greater than 1". There's no helping some people.

Tom Leek
  • 286
0

Useful link from before this question was migrated: http://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers

DomBat
  • 149