Hardenize Compatibility Issue With Let's Encrypt Certs Using tlsserver
Hardenize Compatibility Issue With Let's Encrypt Certs Using tlsserver
grapheneos.social
GrapheneOS (@GrapheneOS@grapheneos.social)
We noticed Hardenize (https://www.hardenize.com/) isn't compatible with Let's Encrypt certificates using the recently launched tlsserver
profile. See https://letsencrypt.org/docs/profiles/ for details, it mainly drops non-SNI client support. Maybe we have a contact who can get it fixed quickly.
We deployed tlsserver
for our services to prepare for shortlived
:
https://grapheneos.social/@GrapheneOS/114452845473608945
We didn't deploy it for SMTP because too many mail servers likely still lack SNI support. For SUPL, we did a hybrid deployment until we're ready to drop 4th/5th gen Pixel support.