AnsweredAssumed Answered

Chrome reports we're using obsolete cryptography; got an A

Question asked by Stephen Ott on Jul 9, 2015
Latest reply on May 28, 2017 by Lily Wilson

We noticed that Chrome is reporting our HTTPS is using obsolete security. I ran a test on SSL Labs and we came back with an A (100 on cert, 95 on protocol support, 90 on key exchange and 90 on cipher strength). Chrome says:

The connection uses TLS 1.2

The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and ECDHE_RSA as the key exchange mechanism

 

According to the SSL test, we support TLS 1.2, 1.1 and 1.0 . SSL 3 and SSL 2 are not supported. We are supporting these cipher suites:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH 521 bits (eq. 15360 bits RSA)   FS256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH 521 bits (eq. 15360 bits RSA)   FS256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH 521 bits (eq. 15360 bits RSA)   FS128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH 521 bits (eq. 15360 bits RSA)   FS128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)128

 

I'm at a bit of a loss about why Chrome is unhappy.

Outcomes