From ebbf7a7b74395e316d0c08267d4bacc2150e6395 Mon Sep 17 00:00:00 2001 From: Steve Kamerman Date: Thu, 29 Sep 2016 21:57:28 -0400 Subject: [PATCH] Expanded documentation in SSL/TLS support --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0a7593d..c4a629e 100644 --- a/README.md +++ b/README.md @@ -162,10 +162,13 @@ and `CERT_NAME=shared` will then use this shared cert. #### How SSL Support Works -The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which +The SSL cipher configuration is based on the [Mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, -Windows XP IE8, Android 2.3, Java 7. The configuration also enables HSTS, and SSL -session caches. +Windows XP IE8, Android 2.3, Java 7. Note that the DES-based TLS ciphers were removed for security. +The configuration also enables HSTS, PFS, and SSL session caches. Currently TLS 1.0, 1.1 and 1.2 +are supported. TLS 1.0 is deprecated but its end of life is not until June 30, 2018. It is being +included because the following browsers will stop working when it is removed: Chrome < 22, Firefox < 27, +IE < 11, Safari < 7, iOS < 5, Android Browser < 5. The default behavior for the proxy when port 80 and 443 are exposed is as follows:
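Review bot: In the README.md hunk under "How SSL Support Works", the added sentence "Note that the DES-based TLS ciphers were removed for security" follows the unchanged client list (Firefox 1 through Windows XP IE8, Android 2.3, Java 7), which the paragraph presents as the compatibility of the Mozilla intermediate profile. Once ciphers are removed from that profile, the list no longer describes the shipped configuration. Either re-test the oldest clients in the list against the actual cipher string, or reword so the list is stated as the profile's compatibility and the README says which clients are lost by the removal. Two smaller points in the same paragraph. "PFS" is used without expansion, so spell out "perfect forward secrecy" on first use. The TLS 1.0 end-of-life date "June 30, 2018" is given without saying whose deadline it is; name the source, and since "Currently TLS 1.0, 1.1 and 1.2 are supported" will go stale, also say whether an operator can disable TLS 1.0 ahead of that date.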