Google Chrome : Your connection to website is encrypted with obsolete cryptography
Problem :
While checking out if my SSL certificates installed correctly. I noticed that Google Chrome labelled the SSL connection as encrypted with obsolete cryptography.
Apparently, the website server SSL ciphers are weak and obsolete by today's standard and Chrome decided to provide the accurate nerd data(which is something good).
Solution :
I need to change the ciphers that are used to encrypt the connection. Since I'm not good with encryption stuff, I decided to use configuration from my another website which was marked as "modern" cryptography. So what I did was to copy the configuration(Apache) over and adapt to Nginx.
These are the lines in the nginx.conf file after modification :
# default settings commented out
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4;
ssl_prefer_server_ciphers on;
and after restarting Nginx. Google Chrome now sees the encryption as "modern" !
UPDATE : This is the Apache setting in ssl.conf
file :
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
Hope this simple tutorial can be useful to you.
Reference :
http://www.chromium.org/Home/chromium-security/education/tls
See also : SSL : The certificate is not trusted because no issuer chain was provided
By Adam Ng
IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.
Advertisement
Tutorials
+6.8k Golang : Find the shortest line of text example
+11.4k How to tell if a binary(executable) file or web application is built with Golang?
+25.5k Golang : How to read integer value from standard input ?
+40.8k Golang : How to count duplicate items in slice/array?
+7.7k Golang : Handle Palindrome string with case sensitivity and unicode
+7.5k Golang : How to execute code at certain day, hour and minute?
+6.8k Javascript : How to get JSON data from another website with JQuery or Ajax ?
+9.2k Golang : Create unique title slugs example
+11.3k Golang : Change date format to yyyy-mm-dd
+17.1k Golang : Get future or past hours, minutes or seconds
+18k Golang : Get path name to current directory or folder
+8k Swift : Convert (cast) Character to Integer?