HTTPS config improvable

Your HTTPS config could be improved:

You are also attackable by Logjam and on your discuss site here there are mixed content errors.

I’m not seeing mixed content warnings on

I know the ssl configs aren’t optimal, but since there’s no actually sensitive data being exchanged, it is not a big priority for me to figure out how to improve that at the moment.

It tries to load the Favicon over HTTP:

Nothing sensitive - except of passwords and session cookies.
But it is okay. I do not say you should do it in the next 3 minutes, but consider to do it in the next time. If your server software is up-to-date it is not a big deal.