So, I have enabled https on all our sites at Molly Rocket. I hate the web and I hate Apache and I hate everything, so it all sucks but I do want to ask the basic due diligence question for those of you who know web things: what should I do for Apache configuration regarding HTTPS security?
I have found that if I do the recommended protocol removals (nothing below SSL 3, etc.), then the site is not accessible from most Android devices. Basically only the very newest Android devices can connect. This doesn't seem desirable for a site such as, you know, handmadehero.org which is not meant to handle super-sensitive information anyway?
So I am wondering if there is a recommended set of things to do for a website which wants to be reasonably good for secure use, but doesn't want to become inaccessible to a lot of people.