Firefox blocking our site due to SSLv3 - security

Several users have emailed us to report that they cannot access our site using Firefox because we're using SSLv3. The problem is, we discontinued support for SSLv3 a while ago. I've tested our site using the Qualys SSL Labs scanner and the report says we don't support SSLv3. I've also tried initiating a handshake from the command line using SSLv3 and it returns the correct error.
Has anybody dealt with this? Could anybody guess what's going on here? It's driving me nuts. I've tried restarting our servers, changing what ciphers we support (not protocols-- we only support TLSv1), promoting new servers to master via keepalived, and more. Users continue to complain that Firefox won't let them access our site.

Related

What is the relationship between Safari and SSL certificates?

We recently updated the SSL certificate on our website and it works fine on Chrome and Firefox, but when I use Safari or Edge on Windows I get this error:
Any specific reason why this is happening, I manually removed the certificate and after that I visited the site again and didn't even save the certificate, why is that?
I had a look on the server logs, but couldn't find anything specific related to this issue.
This is what happens if I click on "view the certificate" :
Any help or input would be appreciated.

How to fix website loading issue in Safari on secure connection (SSL)

Website is not loading in the Safari browser with SSL. The site is running on the https (SSL) layer. Please refer to the attached screenshot to know more.
P.S. I am using Windows 10 & SSL purchased from GoDaddy
Safari refuses to connect to servers that don't match the minimum security requirements defined by Apple.
For example and example.
It will be necessary to contact the administrator of the server to be compliant with the standards or you can try a different browser (try IE, it never complains).

Disable <TLS 1.2 in Azure Portal

I have a web app for which I'm trying to disable versions of TLS that are older than 1.2. ie: I do not want to support TLS 1.0 or 1.1.
1) I've set the below in Azure Portal.
2) I created a simple webpage and uploaded it.
3) In IE Internet Options I disabled all TLS
4) I try to load the simple webpage and I correctly get the right error message.
5) I enable TLS 1.0 only, refresh the webpage and it still works (I've tried this from multiple systems to avoid caching issues). This shouldn't work as TLS 1.2 is still disabled.
I've tried googling the error and only found "How to know if an Azure Server is under TLS 1.2", which doesn't work. Has anyone got this working?
I enable TLS 1.0 only, refresh the webpage and it still works (I've tried this from multiple systems to avoid caching issues). This shouldn't work as TLS 1.2 is still disabled.
We could get App Service Team's reply from this blog. It will work soon.
This will only launch toward the middle of May, due to the discovery of a breaking change this has the potential of causing.
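Both the SSLv3 question at the top of this page and the TLS 1.0 test in the Azure question come down to what the server actually sends back to a ClientHello for a given protocol version. The following is an added example, not part of the original posts: it classifies the first TLS record in a captured server reply (for instance bytes exported from a packet capture). The function names and the sample records are constructed for illustration. For TLS 1.3 the ServerHello version field reads as TLS 1.2 and the real version sits in an extension that this sketch does not parse.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
ALERTS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}


def classify_server_reply(data: bytes) -> str:
    """Classify the first TLS record a server sends after a ClientHello."""
    if len(data) < 5:
        return "truncated"
    # Record header: content type (1), record version (2), length (2).
    ctype, _rec_version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        return "truncated"
    if ctype == 21:  # alert record: level (1), description (1)
        if length < 2:
            return "truncated"
        return "rejected: alert " + ALERTS.get(body[1], str(body[1]))
    if ctype == 22 and len(body) >= 6 and body[0] == 2:  # handshake, ServerHello
        # Handshake header is type (1) + length (3); server_version follows.
        (version,) = struct.unpack("!H", body[4:6])
        return "accepted: " + VERSIONS.get(version, hex(version))
    return "unexpected record type %d" % ctype


def make_record(ctype: int, version: int, payload: bytes) -> bytes:
    """Build a TLS record; used only to construct the sample replies below."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload


def make_server_hello(version: int) -> bytes:
    """Constructed ServerHello: zeroed random, empty session id, suite 0x002f."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return make_record(22, version, handshake)


# Constructed samples: a server refusing the offered version, and two that accept.
REPLY_REFUSED = make_record(21, 0x0300, bytes([2, 70]))  # fatal, protocol_version
REPLY_TLS10 = make_server_hello(0x0301)
REPLY_SSLV3 = make_server_hello(0x0300)

if __name__ == "__main__":
    for name, reply in [("refused", REPLY_REFUSED), ("tls1.0", REPLY_TLS10),
                        ("sslv3", REPLY_SSLV3)]:
        print(name, "->", classify_server_reply(reply))
```

An "accepted: SSLv3" or "accepted: TLSv1.0" result on a reply captured from the address users actually reach means some endpoint in the path still negotiates the old protocol, even if a scan of another endpoint says otherwise.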

How do I make my website secure in Google Chrome?

I am working on a web development project and I was testing it primarily on Firefox. However, when I tried it on Google Chrome, it would not load completely and Chrome would warn me that the site had "insecure content". After searching for answers, I was advised to make my website use "https" rather than "http". I do not know much about SSL or anything like it, but I followed a set of instructions for setting up Apache to work with SSL. The instructions are here:
https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04
I followed them. The good news is, my website is accessible by https. The bad news is, unless https is typed, the website is inaccessible. On top of that, both Chrome and Firefox present messages saying "this certificate is not trusted", which is ironic, since I only did any of this to secure the site in the first place.
Can anyone show me where I went wrong or give a more complete explanation of what's going on? I am working on Ubuntu 12.10 with Apache 2 and PHP5.
You can search online to get the best SSL vendor and use that. We use Symantec at work: http://www.symantec.com/theme.jsp?themeid=compare-ssl-certificates
Use the JavaScript below to redirect http to https.
// Reload the same URL over https when the page was loaded over http.
if (window.location.protocol === "http:") window.location.replace(window.location.href.replace(/^http:/, "https:"));
"this certificate is not trusted" message is due to the fact that you are using a self-generated certificate. SSL uses a trusted third party (certificate authority) to ensure secure communication. You will need to purchase a certificate from one of these for your production environment. Simply google "SSL certificate" and you will get a whole bunch of options.

Windows Safari cannot access server by NetBIOS/WINS name

Whenever I try to access an NTLM authenticated intranet site, Safari takes forever to process and then comes back with "The sever is unavailable" or, if allowed by the site, loads without authenticating. I can access these same sites with no problems in both Firefox and Internet Explorer. The sites are hosted on IIS6 and are being generated with either ASP, ASP.Net 1.1 or ASP.Net 2.0.
Any insight on why Safari is choking on these sites? Are there any work-arounds to get NTLM to correctly authenticate with Safari?
Update:
In further playing with it I have determined that NTLM will work (with the page loading reasonably fast) if I am using the FQDN for the site (i.e. http://mysite doesn't work, but http://mysite.domain.prv will work). Unfortunately, this will not work due to other constraints on the project.
Does anyone know why the FQDN would work but the shorter name will not? Is this something that can be worked around or is it "Sorry out of luck"?
Update 2:
According to the Wireshark packet sniffer, Safari sends a SYN to the correct server's IP address. The intranet server responds with a SYN, ACK, to which Safari sends an ACK. This is the end of communication between Safari and the server. When attempting to access the intranet site by FQDN, these three packets were the same but were then followed by an HTTP GET request, which then successfully loaded the page.
Because Safari is connecting to the correct IP address, I find it hard to believe that Safari just doesn't support NetBIOS/WINS names. Additionally, because the NTLM packets are never exchanged as Safari never sends the initial GET request, I'm certain that NTLM has nothing to do with this issue.
Does anyone know the status of Safari's support of NetBIOS/WINS?
In a similar situation with a Java based B2B client, I was successful in using http://ntlmaps.sourceforge.net/ to traverse the proxy.
Any insight on why Safari is choking on these sites?
Because NTLM is not a web standard. You can't expect any given web browser to support it.
Until recently only IE supported it at all. And Firefox's support has to be specifically configured.
Firefox has always been able to traverse NTLM sites. I know because I'm stuck with this god awful custom ASP solution and SharePoint site to use in our intranet... Firefox is a dream.
Apple.. fix Safari kthx?
