Forcing HTTPS is working… but security analyzer shows I still support TLS 1.0 and 1.1 protocols… when my customer (client) wants me to only support TLS 1.2. Do I have any options on Glitch…? (https://glitch.com/edit/#!/force-http-or-https)
- I’m following this project structure and am indeed getting HTTP->HTTPS redirect… which is great. But…
- A client I’m working for wants me to pass certification on this tool (“A” in “protocol support” => TLS 1.0 and 1.1 must be disabled…), Qualys (ssllabs dot com)
- You’ll notice that the above ‘force-http-or-https’ project, when taken to the Qualys site, scores a ‘B’ in ‘protocol support.’ And the site states that ‘it supports TLS 1.0 and 1.1’ so…
Is this the best we can do on Glitch…?
I dug around and tried nginx deployment… and subtracted support for TLS 1.0, 1.1 - but I end up in a continuous bounce redirect loop and 301-error.
Should I be exploring Heroku and going into the depths of ‘certs’, ‘Cert Authorities’, ‘Cipher suites’ etc?? Is it time to cut bait on the two Glitch fish…? I don’t want to.