Trong một số trường hợp cài SSL trên máy chủ IIS 7 & 8, bạn có thể gặp lỗi sau khi truy cập trên Chrome
Your connection to domain.com is encrypted using a modern cipher suite./ Kết nối của bạn tới tenmiem.com được mã hóa bằng bộ số 0 hiện đại.
Bạn vui lòng làm theo hướng dẫn sau để khắc phục:
Update – 2.2.2016 – The ciphers originally listed in this post no longer work to fix the obsolete cryptography warning as Google has upped the requirement from DHE with AES_128_GCM to ECDHE with AES_128_GCM or CHACHA20_POLY1305. The only ciphers we have on Windows that are close to this requirement are all ECDHE-ECDSA which will require an ECC (Elliptic Curve Cryptography) certificate to be used vs ECDHE-RSA which requires a certificate signed with the standard RSA key algorithm.
To get an ECC certificate, the CSR for the certificate has to be
generated with ECDSA as the key algorithm (rather than RSA 2048 or
4096). If you do have one of these certificates you can then use the
steps in this post to bump the following cipher suites to the top to
satisfy the obsolete cryptography warning:
I have an updated post about acquiring an ECC certificate and steps needed to implement the ECDHE_ECDSA ciphers here:
IIS 8 with ECC certificates – increasing your SSL Security on Windows Server 2012
If you have a regular certificate signed with RSA like most are, I would go with the settings mentioned in this post:
Hardening SSL & TLS connections on Windows Server 2008 R2 & 2012 R2
This post is going to be a quick and simple tip that should work on IIS 7 and IIS 8 to fix the “Your connection to somedomain.com is encrypted with obsolete cryptography.” warning that recently popped up in Google Chrome seen below:
Before we can fix it, we need to make sure that the following patch is installed from MS14-066:
Which adds support for the following cipher suites:
Note as the KB mentions there were quite a few issues reported with this patch, so be sure to test before you put it in production and have a roll back plan in place.
Once the patch is installed, we will need to download IIS Crypto from Nartac Software and then follow these steps:
IIS Crypto settings:
And Chrome now shows that we are using Modern Cryptography:
Hope this helps!
Sản phẩm của