: Check browser compatibility of SSL I wanted to add SSL to my domain and as EV SSL is very expensive I'm going to go with DV SSL. because I just what to enable encrypted logins. Different

@Correia994

Most of the time it's not the SSL that browsers don't support - it's your server settings and cipher suite. All new browsers support pretty much everything though, its just the old stuff you have to worry about. Examples are as follows:


SNI - This is to allow multiple certs on multiple domains to be applied to 1 IP. Known as a multi-tennant server. XP users with old IE will not be able to connect.
ECDH - This is a protocol that is getting quite popular. Cloudflare for example uses it by default (and exclusively) for Flexible SSL on all free plans. The only browser on XP that will work with this is Firefox. All others won't connect.
Forward Secrecy - This makes more localized handshakes based on more unique keys. Various old versions of browsers on XP will not connect.
POODLE fixes - This shouldn't affect much, but taking away support for SSL2/3 and only allowing TLS can affect some very old browsers, old CURL, or other utility layers.
Your Chosen Ciphers - This is totally dependent on what you choose to support as far as ciphers go. You can trim down your list and make it very secure, at the risk of locking out old browsers.


As mentioned, Qualys is the go-to when it comes to SSL audits.

Vote Up Vote Down

@Shanna517

You can take a look into Qualys SSL labs.
Another good Certificate Authority or reseller can provide you with browser compatibility information.

An example of this is www.positivessl.com/browser_compatibility.php
Know that the configuration of your SSL settings also can affect the browser or device compatibility.

Other things to consider are:


The price.
Registering a certificate signed with SHA-2 instead of SHA-1 (since Microsoft will stop supporting SHA-1 signed certificates soon).
Wildcard or single domain certificate.

Vote Up Vote Down