Along with many others, I too have had the problem of Google Chrome complaining about outdated security settings on my site. I have a RapidSSL cert, so I reissued the cert and it now checks out using this tool and SSL Labs. Chrome is loading the re-issued certificate, but it still complains about outdated security. I notice that in Chrome's certificate viewer, there is still a reference to a SHA-1 fingerprint. Is that the problem? If so, how can I fix it? If not, any ideas as to what is going on?
-
I get the green lock on Chrome 40/Windows. Maybe just cached on your browser? – faker Feb 11 '15 at 12:52
-
Yes, you're right. Tried it on a VM in Chrome 40 & 41 and it was fine. What's strange is that on my dev machine (Chrome 41, Chrome OS), it is showing the right certificate (the issue date is correct), but no green lock... – Judson Feb 11 '15 at 13:06
-
Same, no problems. Sometimes it's a cache or proxy problem. But you have cipher handshake problems; do this (change cipher order at end): https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy – YuKYuK Feb 11 '15 at 13:07
-
Thanks for that @YuKYuK. The article seems to recommend disabling SSLv2. Is that really desirable? – Judson Feb 11 '15 at 13:12
-
Do you need security? :) – YuKYuK Feb 11 '15 at 13:12
-
I take that as a "yes". Thanks. – Judson Feb 11 '15 at 13:16
-
Indeed so - SSLv2 (and in fact SSLv3) are really only necessary to support very old browser/OS combos (IE6 on XP for example, both of which are beyond EOL at this point) - so there is very little counter-argument to disabling their support entirely in the interests of a (more) secure configuration. – BE77Y Feb 11 '15 at 15:22
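
On the SHA-1 fingerprint raised in the question, an added example (not part of the original thread) that uses openssl to separate two things a certificate viewer shows: the signature algorithm, which is a field inside the certificate, and a fingerprint, which is a digest the viewing tool computes over the certificate. The throwaway self-signed certificate and the name `example.test` are constructed for the demo.

```shell
#!/bin/sh
# Added example: signature algorithm vs. fingerprint of a certificate.
# The certificate is a constructed, throwaway self-signed one.

make_test_cert() {
    # $1 = output directory; writes key.pem and cert.pem, signed with SHA-256
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

sig_alg() {
    # $1 = PEM certificate; prints the algorithm the issuer signed it with
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ {print $2; exit}'
}

fingerprint() {
    # $1 = PEM certificate, $2 = digest (sha1 or sha256).
    # The digest is computed here, over the DER encoding; it is not
    # stored in the certificate and says nothing about how it was signed.
    openssl x509 -in "$1" -noout -fingerprint "-$2" | cut -d= -f2
}

is_sha1_signed() {
    # Succeeds only when the certificate's own signature uses SHA-1
    sig_alg "$1" | grep -qi '^sha1'
}

main() {
    dir=$(mktemp -d)
    make_test_cert "$dir"
    echo "signature algorithm : $(sig_alg "$dir/cert.pem")"
    echo "SHA-1 fingerprint   : $(fingerprint "$dir/cert.pem" sha1)"
    echo "SHA-256 fingerprint : $(fingerprint "$dir/cert.pem" sha256)"
    if is_sha1_signed "$dir/cert.pem"; then
        echo "certificate is SHA-1 signed"
    else
        echo "certificate is not SHA-1 signed (a SHA-1 fingerprint can still be shown)"
    fi
    rm -rf "$dir"
}

main
```

To check a deployed site, run `sig_alg` on each certificate the server sends, saved as separate PEM files.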