Google Chrome : Your connection to website is encrypted with obsolete cryptography

Problem :

While checking out if my SSL certificates installed correctly. I noticed that Google Chrome labelled the SSL connection as encrypted with obsolete cryptography.

Apparently, the website server SSL ciphers are weak and obsolete by today's standard and Chrome decided to provide the accurate nerd data(which is something good).

Solution :

I need to change the ciphers that are used to encrypt the connection. Since I'm not good with encryption stuff, I decided to use configuration from my another website which was marked as "modern" cryptography. So what I did was to copy the configuration(Apache) over and adapt to Nginx.

These are the lines in the nginx.conf file after modification :

 # default settings commented out
 # ssl_protocols  SSLv2 SSLv3 TLSv1;
 # ssl_ciphers  HIGH:!aNULL:!MD5;
 # ssl_prefer_server_ciphers on;

 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4;
 ssl_prefer_server_ciphers on;

and after restarting Nginx. Google Chrome now sees the encryption as "modern" !

UPDATE : This is the Apache setting in ssl.conf file :

 SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"

Hope this simple tutorial can be useful to you.

Reference :

http://www.chromium.org/Home/chromium-security/education/tls