Mozilla SSL Configuration Generator: modern vs intermediate profile

by Tom   Last Updated August 10, 2018 12:00 PM

I'm using the Mozilla SSL Configuration Generator to generate an Apache SSL configuration. I'm planning to serve the site fully via HTTPS and enable HSTS.

https://mozilla.github.io/server-side-tls/ssl-config-generator/

However, it's not clear to me why I should go with either a modern or intermediate profile and how this will affect users? For example, the oldest compatible Chrome version for the modern profile is Chrome 30. What happens in these scenarios with HTTPS and HSTS enabled?

1) User using Chrome 31 - Gets HTTPS & HSTS and everything works fine?

2) User using Chrome 29 - Gets...?



Related Questions


Why must a HSTS header not be sent on HTTP

Updated April 03, 2017 11:00 AM

Nginx - HSTS and Redirect non-www to www

Updated July 04, 2018 09:00 AM

Adding HSTS to nginx config

Updated September 21, 2017 23:00 PM

How to configure HSTS in Wildfly the proper way?

Updated September 27, 2017 11:00 AM

Bypass HSTS sites in squid

Updated April 28, 2018 19:00 PM