0

We have been having problems for a few weeks now:

Some users who go to our sites have a blank IE error page from the home page: "navigation to the website has been canceled".

After research, this problem is related to:

  • Microsoft Internet Explorer 9 (and others?)

  • TLS 1.2 (SSL certificate "Let's encrypt")

As soon as we switch to TLS 1.1, the problem disappears, but security is less present.

We are using :

  • NGINX 1.4.6

  • Here is the configuration of

/etc/nginx/conf.d/ssl.conf :

ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared: SSL: 10m;
ssl_ciphers 'xxxxxxxxx';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  • If we delete "TLSv1.2" the problem disappears, but it is a temporary solution ..

Has anyone ever encountered this problem?

DavidG
  • 24,279
  • 14
  • 89
  • 82
N Toug
  • 1

1 Answers1

1

Internet Explorer 9 is like what, Windows Vista? Just let that sink in for a bit...

Whatever you do, do not trade transport security strength for Internet Explorer compatibility. In essence you are trying to patch the Titanic. Sure, nothing short of heroic, there are many souls on board, but in this metaphor it is a slow sinking boat, people can jump ships, even Microsoft did.

What i'm really saying is, don't be Rose — I will never let go, Jack. I’ll never let go.

See this answer for a friendlier approach, meaning redirect to Your browser uses obsolete cryptography page with TLS protocol version detection.

evilSnobu
  • 24,582
  • 8
  • 41
  • 71