I have recently noticed, first on a client’s site, then this site, that WP Engine is rolling out support for TLS 1.2.
Also numerous other improvements including
- Removing weak Diffie-Hellman (DH) key exchange parameters. Going from a 1024-bit to 2048-bit group. (think Logjam)
- Adding additional cipher suites
- Supporting TLS_FALLBACK_SCSV to prevent protocol downgrade attacks
- Additionally supporting TLS 1.1
I have been using TLS with WP Engine on this site since April 10th, 2015 and in just under two months have seen my overall rating from Qualys SSL Labs improve from a C to a B to an A-.
Graham Cluley, who also hosts with WP Engine, mentioned in his post, And it’s goodbye to HTTP from this website…, that he switched over on March 3th, 2015 and quickly replied to a comment that, “Unfortunately at the moment my hosting provider doesn’t offer TLS 1.1 and 1.2.”
Well good news for Graham, his server configuration has also been updated and he is scoring an A- as well.
and this from back in November 2014
@TimHaines Hi, Tim! Not at this time ^EZ
— WP Engine Support (@WPESupport) November 11, 2014