If you still use Windows XP, you might have some trouble visiting Floobits.com.
That’s because we’ve changed our cipher suites. As of today, we only use strong ciphers that provide perfect forward secrecy. Unfortunately, some older browsers and operating systems don’t support any ciphers that meet those criteria. That includes all versions of Internet Explorer on Windows XP.
Deciding on a list of cipher suites isn’t easy. While some are very secure, only newer versions of OpenSSL and browsers support them. The tradeoff between compatibility and security is bad enough, but there are additional complications. For example, only the RC4 cipher can mitigate BEAST attacks against older clients. Unfortunately, RC4 is very weak.
In the end, we chose security in modern browsers over compatibility with older browsers. If you’d like to configure your site similarly, here’s the relevant snippet of our Apache web server config:
If you’d like to know more about our security practices, check out our security page.