We support modern/secure TLS using certificates issued by the authority of your choice. You are welcome to generate and use your own key and obtain certificates for aliases in any domain name you own, or you can have us do it for you for a small fee, or you can use streamlined tools we provide that work with the Let's Encrypt project to secure your site.
TLS on our system is implemented using the SNI (Server Name Indication) extension of TLS. This has widespread support, but somewhere out there on the Internet, some ridiculously obsolete browser or ancient device with outdated firmware can't handle it. If you have a requirement to support old, known-insecure versions of SSL, we cannot meet that requirement.
Our implementation of TLS has not been audited for and we do not support its use for the following:
- PCI DSS compliance for credit card processing. (Use a third-party processor; we're very happy with Stripe.)
- HIPAA compliance for sensitive medical information. (There's paperwork. Lots of it. You need a specialized — and very expensive — provider who can help prepare your compliance documents.)