Hi,
i have some problems, if i activate on my server the let’s encrypt , the site will get complete white with a https - connection in firefox.
I’dont know why.
http://support.wegot.vision => working
https:///support.wegot.vision => not working
In chrome/Internet explorer/edge/opera it’s work fine.
It might be because of the following error:
Firefox 47 / Win 7 R Server negotiated HTTP/2 with blacklisted suite
RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDH secp256r1
(Source: SSL Server Test: support.wegot.vision (Powered by Qualys SSL Labs))
You can find the blacklisted cipher suits for HTTP2 here: https://http2.github.io/http2-spec/#BadCipherSuites
The list of cipher suits provided by my Firefox (45):
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
Cross-reference that with the list of cipher suits your server offers from the page I linked to above. You'll see the first possible cipher suite of your server which is listed in the clients supported cipher suits is TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014). And that suite is blacklisted.
Possible options:
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.