Thank you, I got a response from my user. They are using a very old iPod Touch:
SSL/TLS Capabilities of Your Browser
User Agent: Mozilla/5.0 (iPod; CPU iPhone OS 6_1_6 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B500 Safari/8536.25
Protocol Support
Your user agent has good protocol support.
Your user agent supports TLS 1.2, which is recommended protocol version at the moment.
So while it’s old (and I’m aware that it’s far away from Discourse’s minimum supported OS+browser) I’d like to enable them to at least connect to the site and see how their browser fares with the modern HTML and JavaScript.
This is the detailed TLS support report:
Protocol Features
Protocols
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 Yes
SSL 2 No
Cipher Suites (in order of preference)
TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0xff) -
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) WEAK 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) WEAK 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) WEAK 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) WEAK 128
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) INSECURE 128
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) WEAK 112
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) WEAK 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) INSECURE 128
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) WEAK 112
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026) WEAK 256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025) WEAK 128
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a) WEAK 256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029) WEAK 128
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) WEAK 128
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) WEAK 256
TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002) INSECURE 128
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003) WEAK 112
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) WEAK 128
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) WEAK 256
TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c) INSECURE 128
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d) WEAK 112
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) INSECURE 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) WEAK 256
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) WEAK 112
TLS_ECDHE_ECDSA_WITH_NULL_SHA (0xc006) INSECURE 0
TLS_ECDHE_RSA_WITH_NULL_SHA (0xc010) INSECURE 0
TLS_ECDH_ECDSA_WITH_NULL_SHA (0xc001) INSECURE 0
TLS_ECDH_RSA_WITH_NULL_SHA (0xc00b) INSECURE 0
TLS_RSA_WITH_NULL_SHA256 (0x3b) INSECURE 0
TLS_RSA_WITH_NULL_SHA (0x2) INSECURE 0
TLS_RSA_WITH_NULL_MD5 (0x1) INSECURE 0
(1) When a browser supports SSL 2, its SSL 2-only suites are shown only on the very first connection to this site. To see the suites, close all browser windows, then open this exact page directly. Don’t refresh.
Protocol Details
Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets No
OCSP stapling No
Signature algorithms SHA384/RSA, SHA256/RSA, SHA1/RSA, SHA256/ECDSA, SHA1/ECDSA
Named Groups secp256r1, secp384r1, secp521r1
Next Protocol Negotiation No
Application Layer Protocol Negotiation No
SSL 2 handshake compatibility No
Mixed Content Handling
Mixed Content Tests
Images Passive Yes
CSS Active Yes
Scripts Active Yes
XMLHttpRequest Active Yes
WebSockets Active Yes
Frames Active Yes
(1) These tests might cause a mixed content warning in your browser. That’s expected.
(2) If you see a failed test, try to reload the page. If the error persists, please get in touch.
Sorry about the formatting, the user copy-pasted the rich text HTML for me and some of it gets lost when pasting to Discourse. I’ll try to figure out how to fix the formatting later.
As I said, I’d like to enable them to at least establish a secure connection so they’ll see something, and it should be possible as the browser supports TLS 1.2. But I guess I’d have to enable some less-secure config for TLS 1.2 for their browser to be supported. I don’t know enough about TLS configs to match the output of that report to what the server supports and what I’d have to change. Can you tell me what’s missing and what I’d have to change?
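
An added example, not part of the original post: one way to match a client report like this against a server's cipher list. It parses the line-broken paste, intersects it with an AEAD-only TLS 1.2 server list (an assumption, since the post does not show the server's configuration), and lists the client's forward-secret AES suites as the narrowest fallback set. `SERVER_SUITES`, `parse_report`, `shared_suites` and `fallback_candidates` are illustrative names.

```python
import re

# Constructed sample: six entries from the report above, kept in the
# line-broken shape the paste produced.
REPORT = """\
TLS_EMPTY_RENEGOTIATION_INFO_SCSV ( 0xff
) -
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ( 0xc024
) WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ( 0xc027
) WEAK 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA ( 0xc011
) INSECURE 128
TLS_RSA_WITH_AES_128_CBC_SHA ( 0x2f
) WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 ( 0x67
) WEAK 128
"""

# Assumption: an AEAD-only TLS 1.2 list (IANA names) standing in for the
# real server configuration, which is not shown on the page.
SERVER_SUITES = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}

# \s* spans the stray newline between the hex id and the closing parenthesis.
ENTRY = re.compile(
    r"(TLS_\w+)\s*\(\s*(0x[0-9a-fA-F]+)\s*\)\s*(WEAK|INSECURE|-)(?:\s+(\d+))?")

def parse_report(text):
    """Return [(name, id, rating, bits)] in the client's preference order."""
    return [(n, int(i, 16), r, int(b) if b else None)
            for n, i, r, b in ENTRY.findall(text)]

def shared_suites(client, server=SERVER_SUITES):
    """Suites both sides support; empty means the handshake cannot complete."""
    return [name for name, *_ in client if name in server]

def fallback_candidates(client, server_key="RSA"):
    """Client suites with ephemeral key exchange and AES for the given
    certificate key type; RC4, 3DES, NULL and static RSA/ECDH are left out."""
    wanted = (f"ECDHE_{server_key}", f"DHE_{server_key}")
    out = []
    for name, *_ in client:
        kx_auth, _, cipher = name[4:].partition("_WITH_")
        if kx_auth in wanted and cipher.startswith("AES_"):
            out.append(name)
    return out
```

Replace `SERVER_SUITES` with the names the server actually has enabled and `REPORT` with the full paste; every suite `fallback_candidates` returns for this client is a CBC suite the report rates WEAK.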