What cipher suites are enabled on paid certs from Netlify?

answered
#1

I ask this due to my current provider’s refusal to directly address the attacks v CBC ciphers in TLSv1.2. While I understand that the attacks are ineffective against TLSv1.3, completely disabling use of TLSv1.2 is unfortunately not a reasonable option within today’s network ecosphere. Thank-you all for your your time.

  • intr0
#2

Well, look at this: the relevant part of most recent scan of a site I’ve got served via GitLab’s Netlify integration:

And the most recent of a site hosted with (y)

#3

It is also possible to upload your own certificate. You are not required to use the one we auto-provision for a site.

1 Like
#4

to follow up on Luke’s response, the certificates we provide are all identical no matter how much you pay us :wink: - standard from Lets Encrypt: https://letsencrypt.org/

1 Like
#5

Thank-you for your answers. As you can see from the screenshots I’ve posted, the certs Netlify issues are not affected, whereas those issued by (y) are affected.

(Attachment publickey - admin@intr0.com - 0xCA04F762.asc is missing)