Free Plan, Dedicated SSL and Windows XP


#1

I have the Free Plan, if I buy the SSL Dedicated browsers in Windows XP will be able to access my site in https?


#2

I don’t think so. Windows XP doesn’t support SNI. Only Paid Plans provide support for legacy browsers.


#3

Purchasing a certificate for a single site wouldn’t be as safe or cost effective as upgrading the OS or free Linux options. Also, it’s only a matter of time before other legacy protocols and cipher suites are dropped making browsing impossible again…


#4

Pretty sure SNI is not the issue (and is definitely not the issue if the browser is Firefox, on any OS!), and not only that, dedicated certificates still require SNI support because you do not get a dedicated IP.

The issue rather than is the fact that Cloudflare’s free certs are Elliptic Curve, and old crypto engines (such as the one in Windows XP) do not support that, only RSA. On the paid dedicated “certificate”, actually more than one certificate is issued: both EC for better performance and security for clients that can handle it (99% are the numbers on my site), and RSA for the ancient ones that can’t (1%…), which includes whomever uses OS-based crypto and Windows XP. But someone with XP should be able to use Firefox (who do the crypto themselves with NSS) on an EC-only site and work well.