Issue in cipher suite


#1

Hi, we are using wildcard certificate successfully on our different servers. We have deployed wildcard certificate on our web-server (Ubuntu with apache) and using the same wildcard certificate on other server as well successfully but the problem arise when we compare the information of both certificates we get a message that the webserver is using modern cipher suite with following message

The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.

where as the other server where we deployed the same wildcard certificate (by copying and changing its type from pem format to crt) we are getting the information of using obselete cipher suite with following message

The connection is encrypted using AES_128_CBC, with HMAC-SHA1 for message authentication and ECDHE_RSA as the key exchange mechanism.

Please help me in rectifying this issue.


#2

Hi @AKarimKazi

this isn’t a certificate problem. This is only a cipher suite configuration problem of your server.

So search “apache cipher suite”.

Sample:

https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html


#3

Also https://mozilla.github.io/server-side-tls/ssl-config-generator/


#4

Thanks @JuergenAuer and @schoen for your replies but we have the above mentioned issue in our mail server (zimbra) where we have exported our wildcard certificate to. And its important to notice that zimbra is not linked with apache.


#5

In that case, it looks like you might want to look at

https://wiki.zimbra.com/wiki/Cipher_suites