
How's My SSL? - zerognowl
https://www.howsmyssl.com/
======
bandrami
It seems odd to say my SSL client is "bad" because it supports ciphers that
are bad along with ciphers that are better. That will only be an issue if
that's all the server supports, and they can't actually think that downgrading
to plaintext in that situation would be "better", can they? (Then again maybe
they can -- exim used to downgrade to plaintext if it didn't trust the
cert...)

~~~
zerognowl
Agreed. The onus is not only on the user to respond to threat landscapes, but
also on the site owners. Shunting all the responsibility to the site owner
typically does not work in your favor.

~~~
bandrami
And if the site owners are malicious or incompetent than even perfectly good
TLS doesn't really do much for you...

