TLS ciphers issue with Chrome beta
Problem
chrome version 53.0.2785.46 beta (64-bit), mac os x, ERR_SSL_OBSOLETE_CIPHER. (Reported at https://twitter.com/SteveEdson/status/763310147137572864)
- @aral prob is on your end: https://gist.github.com/Synchro/85fa87758bf7804d0131c74c574138f3 Also your server clock is out by 2 mins and you’re running old nginx (and advertising it) (https://twitter.com/SynchroM/status/763318409421611008)
- @aral You’re also blocking IE 11 on Win Phone 8.x with your cipher suite - look at the handshake tests on @ssllabs or testssl.sh (https://twitter.com/SynchroM/status/763320096127418369)
Solution
-
Upgrade nginx -
Turn off nginx server tokens -
Update cipher list
Bonus:
-
Enable OCSP stapling -
Enable HTTP2