about.lirion.net

Philosophy, Overview, and Yet Another Rant

About This Server

This server is a private, non-profit web host (and other things). It aims to comply with modern standards, which puts it ahead of most corporate setups: those sometimes have to stay less secure to keep talking to the poorly maintained hosts of the partners they do business with, or, in the majority of cases, are simply born out of the neglectful indifference of the latter. (IT has to be cheap, even if all our safety and communication run on it, you know?)

FOSS and Modularisation

We don't believe Windows products are fit for the server world out there. This is nothing unique: most of the internet, for example, trusts Apache and/or nginx over M$ IIS. Furthermore, while there are severe vulnerabilities “even in GNU/Linux” from time to time, which is natural, security is still not that hard to maintain in the long run, and it is far more transparent than on click-a-doodle systems (unless those are dumb unprivileged boxes doing nothing). With FOSS, the uproar comes more quickly, and there are more heads who love their job, not only the numbers, and who get around to fixing the thing. Ask yourself: if OpenSSL were a blackbox appliance, what would have happened?

While corporate IT often believes IT has to be cheap and, above all, easily measurable, we believe in “FOSS software” (noticed the redundancy?) and in work that is worth the effort. We do pay for things ourselves (and it's easy to yell from that candy mountain), but consider real work on crucial interfaces against the default shut-off of some cheap one-size-fits-all appliance from who knows whom. We don't haggle over prices for ready-to-use fairies; we use modular, advanced technology. What will the world become if everybody uses all-in-one technology so simple that any jackass out there understands it in a week? If you want an outlook, the research isn't hard and you don't need industry insight: just look at the private sector and “google” (wink, wink) the failures of the Internet of Things.

By the way: we don't believe in just any FOSS. There's a multitude of solutions to every question, many of them abandoned or even badly implemented; and often enough a blackbox appliance turns out to be built on technology from the very unwashed hippies sleeping on their keyboards whom the appliance vendor seems to spite, only in a sorry state (in many cases patched far too long ago). Your router or firewall may well be one of them ;)

Encryption

Look at it from a private point of view. You don't have anything to hide from the state? Fine, neither do we. But the world is full of people you don't know who want to profit from whatever they can get their hands on. You don't need to protect yourself from the law (those who enforce it should be able to abide by it); you need to protect yourself from random people. Here's an example from everyday usage of why you should consider being... not ferociously naïve.

So this is why you can only use HTTPS here, and why the engine behind it does a bit more than the broken SHA-1-plus-cipher-from-the-stone-ages placebo: you will fail when trying to connect with IE6 on WinXP. This is a private site; we don't care if somebody is too stupid to even use a computer.

Compliance

You are using Exchange 2003 and are stupid enough to expose it to the internet? Fine for you. We won't be able to talk to it, and that's a good thing. This server aims for something between the Mozilla Intermediate profile and near-NIST compliance. Whatever falls off the edge is obsolete. Prejudice (read: sane paranoia, not the insane kind) is a fine thing when it comes to security.
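For the curious, here is what “SHA-1 placebo” versus “somewhere around Mozilla Intermediate” looks like in practice. This is an added example written for this page, not this site's actual configuration: the page does not publish which web server it runs or its settings, so the choice of nginx, the hostnames and the certificate paths are assumptions. The second block follows the shape of the Mozilla intermediate profile (TLS 1.2/1.3 only, ECDHE/DHE AEAD ciphers, no server cipher preference, HSTS); check the current Mozilla SSL Configuration Generator before copying it, since the recommended cipher list changes over time.

```nginx
# Added example, not this site's real configuration (server software,
# hostnames and paths are assumed). Two vhosts side by side:
# the "placebo" that still talks to IE6/WinXP, and the sane one.

# --- Placebo: accepts anything, including stone-age protocols ---------
server {
    listen 443 ssl;
    server_name legacy.example;                 # assumed hostname
    ssl_certificate     /etc/ssl/legacy.pem;    # assumed paths
    ssl_certificate_key /etc/ssl/legacy.key;

    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;  # SSLv3/TLS 1.0/1.1 are obsolete
    ssl_ciphers ALL:!aNULL;                     # lets RC4, 3DES and export ciphers in
    ssl_prefer_server_ciphers on;               # and you still end up negotiating junk
}

# --- Roughly Mozilla "intermediate": modern clients only --------------
server {
    listen 443 ssl;
    server_name about.lirion.net;
    ssl_certificate     /etc/ssl/lirion.pem;    # assumed paths
    ssl_certificate_key /etc/ssl/lirion.key;

    # TLSv1.3 needs nginx >= 1.13 built against OpenSSL >= 1.1.1;
    # on an older build, keep TLSv1.2 alone rather than re-adding TLSv1.
    ssl_protocols TLSv1.2 TLSv1.3;

    # AEAD suites with forward secrecy only; no CBC, no RC4, no 3DES.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;              # every suite above is acceptable; let the client pick

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;           # ~40k sessions
    ssl_session_tickets off;                    # no long-lived ticket key to leak

    # Tell browsers to never come back over plain HTTP (two years).
    add_header Strict-Transport-Security "max-age=63072000" always;
}

# Plain HTTP exists only to send everyone to HTTPS.
server {
    listen 80;
    server_name about.lirion.net;
    return 301 https://$host$request_uri;
}
```

After `nginx -t` and a reload, the quick sanity check is that `openssl s_client -connect about.lirion.net:443 -tls1` is refused with a handshake failure while `-tls1_2` succeeds; a scanner such as testssl.sh or the SSL Labs test will tell you the same thing in more detail, and will also catch a certificate chain still signed with SHA-1.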

Laziness

Let's admit it: we're all lazy. This web server, for example, is not written in its own language (so: unlike here); we just took what is there and use it. But we won't just fire up an Apache, check that it's running somehow and go home. Every service deserves its own definition. And if something becomes outdated, we supersede it. “Don't touch it while it runs” doesn't work any more. Those times are over: people find security holes far more quickly than “back in the days”™, so your sendmail config from 10 years ago, altered one line per host, may have run for a long time, but... nope. This server's administration is lazy as heck too, but we don't lie to ourselves (at least we try not to).

Also: fine for you if you can administer your $service over FTP, but FTP is too old (it sends credentials and data in the clear)! If this means that some 2016 gaming server, whose backend is once again (...yawn...) written too poorly because “heck, let's not give a shit, our shiny product is finished!”, needs to be updated with config files on the server, then script it, for the gods' sake. Or rely on insecure technology; your choice. I.e.: investigate which kind of laziness is worthwhile and which is dangerous.

P.S.: If you don't see a yin/yang sign above the header but just some garbage, fetch a modern browser. This is Unicode, and it's 2016; you may want to update.