SSL not working on Windows 7 running Chrome

sudhanshubhasin · January 7, 2022, 8:48am

Issue 1

Site showing A+ on SSLabs but showing unsecured certificate on client sites for Operating system Windows 7 running a Chrome version 96.0.4664xxx

Issue 2

IE 11 / Win Phone 8.1 R Server sent fatal alert: handshake_failure

I tried all configuration mentioned on SSL-config.mozilla.org using below BUT issue still remains

SSLEngine on

Protocols h2 http/1.1

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off

My domain is: upgrade.lensbazaar.com
I ran SSLab Test it produced this output in PDF on the link https://1drv.ms/b/s!AqYkuzhYbcqFhLgXMU47qRv-9NzFRg?e=9PKJWW

My web server is : apache
Operating system : Centos 8
Latest cerbot is installed already

MikeMcQ · January 7, 2022, 3:07pm

issue #1
Do any other browsers work on Win7? Like Firefox or IE
Is that system getting regular updates?

issue #2
Is that a real-world failure or only noting it from the SSL Labs report?
If real-world, can it be updated as indicated on SSL Labs?
Note: This forum site shows same error on SSL Labs (try it)

sudhanshubhasin · January 7, 2022, 3:33pm

Windows 7 does have many Chrome running - I am sure thousands and my issue is with this specific OS
I ran the SSL Labs because they are trusted tool to check. Because I found Windows 7 was throwing issues. I am sure this would be real world too

MikeMcQ · January 7, 2022, 4:48pm

It would be helpful if you answered the questions I asked. Are you asking about possible problems or do you have a specific Win7 machine that is failing?

As to Issue #2, the warning on SSL Labs was only for the Win Phone version that was not updated. Look at the line just below that. If someone has a model that was not updated they would not connect to a very large number of websites (including this one). It would help them to update.

rg305 · January 7, 2022, 5:03pm

Please point to the specific "Win7 Chrome 96" issue found at SSLLabs:
[this below is from your site]

OR
Show the screenshot where it shows it as insecure.

rg305 · January 7, 2022, 5:11pm

For issue #2

Do you have a Win Phone 8.1 to test from?
I think it should work.
Comparing your ciphersuites to Win Phone 8.1 capabilities, I get:

ECDHE-ECDSA-AES128-GCM-SHA256 SUPPORTED	<<<<<<<
ECDHE-RSA-AES128-GCM-SHA256   UNSUPPORTED
ECDHE-ECDSA-AES256-GCM-SHA384 SUPPORTED	<<<<<<<
ECDHE-RSA-AES256-GCM-SHA384   UNSUPPORTED
ECDHE-ECDSA-CHACHA20-POLY1305 UNSUPPORTED
ECDHE-RSA-CHACHA20-POLY1305   UNSUPPORTED
DHE-RSA-AES128-GCM-SHA256     UNSUPPORTED
DHE-RSA-AES256-GCM-SHA384     UNSUPPORTED

webprofusion · January 8, 2022, 2:35am

The Win7 issue will be that the ISRG Root X1 certificate is not installed in the OS trust store. You can use Firefox if installing the ISRG Root X1 cert is too complicated for your users.

The Windows Phone issue will be that it's too old to successfully use the public internet.

sudhanshubhasin · January 8, 2022, 4:56am

Real-world failure - Yes - on Windows 7 Chrome 96.0.4664xxx
SSL Labs test was done basis to check issues which did not show issues on Windows 7 but other advance versions of Windows 8.1 IE

Note this SSLAbs test did not show Windows 7 Chrome issues

sudhanshubhasin · January 8, 2022, 4:59am

Its a client test windows 7 system which is used as enterprise level
Not a windows phone

sudhanshubhasin · January 8, 2022, 4:59am

Windows 8.1 ---no test available

sudhanshubhasin · January 8, 2022, 5:03am

see the screenshot @rg305

rg305 · January 8, 2022, 3:31pm

I do see it now.
But I don't believe my own eyes!
I can't see why Chrome would say that site is not properly secured.
Do you have similar trouble with other LE secured sites?
Have you tried clearing your cache, and rebooting?

Osiris · January 8, 2022, 3:33pm

The "Not secure" text with a warning sign could be anything. Unsafe algorithms used, incorrect certificate, mixed content.

Please provide a screenshot of the message Chrome shows about WHY it thinks it's insecure when clicking on the warning sign logo.

rg305 · January 8, 2022, 3:39pm

I did check on SSL labs and WhyNoPadlock.
But the message detail will be helpful.

sudhanshubhasin · January 8, 2022, 3:59pm

Message detail ?

Please be specific on info you need ?

rg305 · January 8, 2022, 4:04pm

Click where it shows "not secure"

sudhanshubhasin · January 9, 2022, 2:12am

see the attached

rg305 · January 9, 2022, 4:59am

I see a zoom of the same picture.
Click where it says "Not secure".

sudhanshubhasin · January 9, 2022, 6:37am

Other similar problems - yes --- even Safari version 6 are the same
Client system do not have control to clear cache or rebooting

sudhanshubhasin · January 9, 2022, 6:38am

got it ?

Topic		Replies	Views
Windows 7 Chrome - NET::ERR_CERT_DATE_INVALID Help	57	23640	November 12, 2021
Users of older Android and Windows 7 not able to access website Help	27	10750	December 2, 2021
Windows 7 ssl problem Help	7	10114	November 3, 2021
A Valid SSL certificate is not valid in lower versions of CHrome Help	4	2113	December 23, 2021
Fixing Windows installs that don't receive updates to their trusted roots Help	43	24621	November 8, 2021

SSL not working on Windows 7 running Chrome

Related topics