Restoring IE8 on Windows XP support

[solarus0]

With the new cipher suite in the previous commit, you must be aware that IE8 on Windows XP doesn't work anymore. If you want to keep supporting this browser, you can use this new cipher suite recommended by Mozilla.

[solarus0]

With the present cipher suite :

[solarus0]

And with the new :

[opi]

Related issue : https://github.com/YunoHost/packages/issues/7

@solarus0 : Can you give us a link to the Mozilla's ressource about ciphers please ?

By the way, I don't really care about support this old-and-dead browser, on this no-longer-maintained OS ;)

[solarus0]

Here is : https://wiki.mozilla.org/Security/Server_Side_TLS : It's the "intermediate compatibility" cipher suite. The cipher suite seems to have been updated on their site, maybe i will change my commit too.

Imo : It's not a problem to support old browser or OS in HTTPS until they are able to use non-deprecated ciphers. With the poodle flaw on SSLv3, IE6 is dead, but there is no reason to not support the newer versions of IE.

[solarus0]

I made a new commit with the new Intermediate Mozilla cipher suite.

[Kloadut]

Hmm, that complexifies a lot the cypher suite configuration line... I don't think it worth the shot. At least on Windows XP, Firefox is the bare minimum.

[Kloadut]

But thanks for the tip and the PR :)

[solarus0]

No problem, you're welcome.

If you want to keep the configuration simple, you can also remove the cipher suite. The nginx default configuration is pretty good for dealing with ciphers.