0

I am developing an Angular 6 PWA served on IIS 8 (windows server 2012 R2) but i am facing various issues with https certificates: google chrome (both the android and desktop version) warns me that the cipher i use it's obsolete (i already tried to change them with iiscrypto with no luck).

Actually, i am stuck with cipher AES_256_CBC HMAC-SHA but still chrome tells me it's obsolete.
How can i resolve this issue and securely serve my application over HTTPS (with full PWA support?).

P.S. Keep in mind using let's encrypt it's not an option: i need to distribute this application amongst many costumers, and i can't keep renew certificates every 90 days.

enter image description here

illeb
  • 101
  • 2
  • I would check there; https://security.stackexchange.com/questions/145196/chrome-browser-reports-obsolete-cipher-aes-256-cbc-with-hmac-sha1 – yagmoth555 Sep 26 '18 at 13:05
  • https://www.nartac.com/Support/IISCrypto/FAQ Please check "What is the Best Practices cipher suite order" and compare to your own. If the first few take effect, then the obsolete one should not be used any more. The warning itself has nothing to do with your certificate, which is OK to stay. – Lex Li Sep 26 '18 at 22:34

0 Answers0