graeme_p - 11:50 am on Sep 21, 2011 (gmt 0)

it's probably going to contain more than just a password

Why would a cookie contain a password, and why would contain anything more than a session identifier?

However, checking TLS 1.1 & TLS 1.2 in IE has been known to make certain sites unreachable

That sounds like the problem with GnuTLS, and its even more of a problem if you disable TLS1 (and, of course, all SSL versions as well).

DO you want complete security, or everything working? Tough choice.