I’ve been running very secure websites from day 1. This website (jeroenlandheer.com) used to be hosted with tumblr, now it is a self-hosted wordpress website with proper HTTPS security. In fact, we get an A+ rating from Qualys.
TLS 1.2 was first supported by Internet Explorer 11 (October 2013), FireFox 27 on Windows 8 (February 2014), Android Kitkat (4.4, October 2013) and others around that same period. So basically, TLS 1.2 is already more than 5 years in use. This is for me a point that I confidently can say, there’s no need for older tech than that. Also I’ve removed ciphers that are marked as ‘weak’, since they aren’t used anymore by modern browsers. If you can read this post, your browser is probably having no issues with this 🙂
So I’ve decided not to support TLS 1.0 and 1.1 anymore, and am working on supporting TLS1.3 soon. OpenSSL just released TLS1.3 this month, implementing this tech is still quite a bit of a challenge. I’m working on a test site now, once I’ve got that one going I’ll upgrade my front-end proxy to support TLS 1.3 Also I’m upgrading my servers to Ubuntu 18.04 LTS. Some servers already have been upgraded, others will follow soon.