Bluehost shared hosting and older Safari versions

My domain is:

I ran this command:
Safari 10.1.2 running on Mac OS 10.10.5 (Yosemite) will not load the page due to SSL error. From what I have read (maybe outdated?) this browser version should be supported. What are the current minimum requirements for MacOS/Apple?

It produced this output:
Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made.

My web server is (include version):
Apache 2.4.46

The operating system my web server runs on is (include version):
CentOS, kernel 4.14.146-225.ELK.el6.x86_64

My hosting provider, if applicable, is:
Bluehost

I can login to a root shell on my machine (yes or no, or I don't know):
No

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
86.0 (build 27)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
n/a

2 Likes

You'll have to contact BlueHost support for this. This isn't an issue with the Certificate, but how Apache is configured to use the certificate.

The LetsEncrypt certs are cross-signed by IdenTrust, which is in the macos trusted root store until at least as far back as 10.9; but likely further back: (see https://support.apple.com/en-us/HT202858 )

For issues like this, you can use a SSL compatibility checking service:

As you can see on that, Apache doesn't want to work with Safari 6-8 due to handshake errors.

3 Likes

The problem you mention seems to be the issue with older Safari browsers (like 8).
Which support only weak and insecure protocol/ciphers combinations:
https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=8&platform=OS%20X%2010.10&key=87

But Safari 10.1.2 should be fine (at least for the time being) with a few remaining secure TLSv1.2 ciphers:
0xC02C, 0xC02B, 0xC030, 0XC02F

Your site supports the following TLSv1.2 ciphers:
[as shown by SSL Server Test (Powered by Qualys SSL Labs)]
0xC02F, 0xC030, 0xCCA8, 0x9E, 0x9F

So...

Can you show a full picture of the error message you receive?

2 Likes

You can cross-reference that output with the SSLLabs client test: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

3 Likes

Thank you all for the replies, I will follow up with Bluehost.

'Can you show a full picture of the error message'?

Unfortunately no - I am tag-team debugging this issue remotely with a friend who has a Mac platform device. I do not have one myself, which makes it a bit hard to make progress on issues like these.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.