Outdated SHA algorithm on chrome
-
I am getting a red and crossed out https when visiting NodeBB or the NodeBB Community. Here are some screenshots:
Google Chrome's explanation on why it is displaying this error is pretty spare - actually there is zero explanation. So I am not very sure if that is the real cause, but my guess is that this is due to the SHA1 signature of your certificate, I tried searching for a solution but there is none except requesting a new certificate at your CA.
Some helping links:
And the same links as comparison for (my) working domain:
-
Yup, seems like you should update nginx' cipher set a bit
-
I don't think this is caused by NGINX' cipher suite as the SHA1 signature is kind of "embedded" in the certificate. But if it is possible to fix this in NGINX itself, here is my configuration for SSL, maybe compare it with your configuration.
## # SSL ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_prefer_server_ciphers on; ssl_ciphers 'HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'; ssl_buffer_size 1400;Oh and FYI: You'll drop support for all operations systems <Windows XP with:
ssl_ciphers 'HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4';If you don't want that you should use:
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4';Also, just out of interest: Is that occurring on your machine too @Moritz-Friedrich?
