The TLS Settings on TD Are Wrong

Posted on 1/8/23 at 10:50 am
Posted by AUstar
Member since Dec 2012
16995 posts
I know this isn't a banking website that needs high security, and I doubt there are hackers out there plotting how to break TD. But I just thought I'd let Chicken know that his TLS settings are configured wrong. When I check the certificate for this site, my Chrome browser is giving me a warning saying the connection settings are "obsolete."

This site seems to prefer AES-CBC mode, but that is now broken and shouldn't be the preferred option. Here is how my latest version of Chrome lists its cipher preferences. If I were Chicken, I would just configure my server to have the same preferences. (I am assuming Chicken or his webmaster knows where the config file is):

AES_128_GCM_SHA256
AES_256_GCM_SHA384
CHACHA20_POLY1305_SHA256
ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ECDHE_RSA_WITH_AES_256_GCM_SHA384
ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

Then at the bottom of the list you could accommodate old browsers:

ECDHE_RSA_WITH_AES_128_CBC_SHA
ECDHE_RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_128_GCM_SHA256
RSA_WITH_AES_256_GCM_SHA384
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA

Basically you want all the "AES-GCM" modes and all the "ChaCha20-Poly1305" modes to be at the top of the list. And you want to prioritize "ECDH" over the "RSA" modes (because ECDH is much faster).
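As an added example (not code from the original post, and not taken from TD's actual server configuration), here is a small Python script that applies the ordering rule from the post above: it classifies each suite by key exchange and cipher mode, flags every place where a CBC or static-RSA suite is preferred over a stronger one later in the list, re-sorts the list AEAD-and-ECDHE-first, and emits the OpenSSL-style cipher string that nginx's `ssl_ciphers` and Apache's `SSLCipherSuite` expect. The `BAD_SERVER_ORDER` list is constructed for illustration; suite names use the IANA spelling from the post, with or without the `TLS_` prefix Chrome shows.

```python
"""Rank TLS cipher suites AEAD-first and ECDHE-first, report ordering
mistakes, and produce an OpenSSL cipher string. Added example, not the
forum's or any server's own code."""

from dataclasses import dataclass
from typing import List


@dataclass
class Suite:
    name: str
    tls13: bool   # TLS 1.3 suites carry no key-exchange prefix
    kx: str       # key exchange / authentication part, e.g. "ECDHE_RSA"
    mode: str     # "GCM", "CHACHA20_POLY1305", "CBC" or "OTHER"

    @property
    def aead(self) -> bool:
        return self.mode in ("GCM", "CHACHA20_POLY1305")

    @property
    def forward_secrecy(self) -> bool:
        # TLS 1.3 key exchange is always ephemeral; for TLS 1.2 it depends on the prefix.
        return self.tls13 or self.kx.startswith(("ECDHE", "DHE"))


def parse_suite(name: str) -> Suite:
    """Split an IANA-style suite name into its security-relevant parts."""
    s = name[4:] if name.startswith("TLS_") else name
    if "_WITH_" in s:                        # TLS 1.2-and-earlier naming
        kx, cipher = s.split("_WITH_", 1)
        tls13 = False
    else:                                    # TLS 1.3 naming, e.g. AES_128_GCM_SHA256
        kx, cipher, tls13 = "ECDHE", s, True
    if "GCM" in cipher:
        mode = "GCM"
    elif "CHACHA20_POLY1305" in cipher:
        mode = "CHACHA20_POLY1305"
    elif "CBC" in cipher:
        mode = "CBC"
    else:
        mode = "OTHER"
    return Suite(name, tls13, kx, mode)


def tier(name: str) -> int:
    """Lower is better. 0: TLS 1.3; 1: ECDHE + AEAD; 2: ECDHE + CBC;
    3: static RSA + AEAD; 4: static RSA + CBC; 5: anything else."""
    p = parse_suite(name)
    if p.tls13:
        return 0
    if p.forward_secrecy:
        return 1 if p.aead else (2 if p.mode == "CBC" else 5)
    return 3 if p.aead else (4 if p.mode == "CBC" else 5)


def recommended_order(suites: List[str]) -> List[str]:
    """Stable sort by tier: suites of equal strength keep their relative order."""
    return sorted(suites, key=tier)


def preference_issues(server_order: List[str]) -> List[str]:
    """Name every suite the server prefers over a strictly stronger suite that
    appears later in its list; this is the mistake that makes Chrome negotiate
    a CBC suite and label the connection 'obsolete'."""
    issues = []
    for i, worse in enumerate(server_order):
        better = [s for s in server_order[i + 1:] if tier(s) < tier(worse)]
        if better:
            issues.append(f"{worse} is preferred over {better[0]}")
    return issues


def openssl_name(name: str) -> str:
    """IANA-style name -> OpenSSL spelling used by nginx/Apache cipher directives."""
    p = parse_suite(name)
    s = name[4:] if name.startswith("TLS_") else name
    if p.tls13:
        return "TLS_" + s                    # OpenSSL keeps TLS 1.3 names verbatim
    cipher = s.split("_WITH_", 1)[1].replace("_CBC", "").replace("AES_", "AES")
    if "CHACHA20_POLY1305" in cipher:
        cipher = "CHACHA20_POLY1305"         # OpenSSL drops the _SHA256 suffix here
    body = cipher if p.kx == "RSA" else p.kx + "_" + cipher
    return body.replace("_", "-")


def openssl_cipher_string(suites: List[str]) -> str:
    """Colon-separated value for ssl_ciphers, in the given order. TLS 1.3 suites
    are left out: OpenSSL enables them by default and sets them separately."""
    return ":".join(openssl_name(s) for s in suites if not parse_suite(s).tls13)


# Constructed example: a server that lists CBC and static-RSA suites first.
BAD_SERVER_ORDER = [
    "ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "RSA_WITH_AES_128_CBC_SHA",
    "ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "RSA_WITH_AES_128_GCM_SHA256",
    "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
]

if __name__ == "__main__":
    for issue in preference_issues(BAD_SERVER_ORDER):
        print("issue:", issue)
    fixed = recommended_order(BAD_SERVER_ORDER)
    print("ssl_prefer_server_ciphers on;")   # make the server's order win
    print("ssl_ciphers " + openssl_cipher_string(fixed) + ";")
```

Run as a script it prints the three ordering problems in the constructed list, then an nginx-style `ssl_prefer_server_ciphers on;` line and the reordered `ssl_ciphers` value. The TLS 1.3 suites at the top of the post's list are omitted from `ssl_ciphers` deliberately, since OpenSSL turns them on by default and configures them through a separate setting. To see what a live server actually negotiates rather than what its config file says, `openssl s_client -connect host:443` prints the chosen protocol and cipher.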
Posted by TigerLunatik
Baton Rouge, LA
Member since Jan 2005
93647 posts
Posted on 1/10/23 at 5:34 pm to
Posted by Hailstate15
ForeverGator's mom's
Member since Nov 2018
21466 posts
Posted on 1/15/23 at 8:09 pm to
This guy should be a mod.