We noticed that Chrome is reporting our HTTPS is using obsolete security. I ran a test on SSL Labs and we came back with an A (100 on cert, 95 on protocol support, 90 on key exchange and 90 on cipher strength). Chrome says:

**The connection uses TLS 1.2**

**The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and ECDHE_RSA as the key exchange mechanism**

According to the SSL test, we support TLS 1.2, 1.1 and 1.0 . SSL 3 and SSL 2 are not supported. We are supporting these cipher suites:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 521 bits (eq. 15360 bits RSA) FS | 256 |

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 521 bits (eq. 15360 bits RSA) FS | 256 |

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 521 bits (eq. 15360 bits RSA) FS | 128 |

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 521 bits (eq. 15360 bits RSA) FS | 128 |

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) | 256 |

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) | 128 |

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) | 256 |

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) | 128 |

I'm at a bit of a loss about why Chrome is unhappy.

Chrome deems "modern cryptography" as ECDHE with GCM cipher suites. It looks like you're using IIS based on your cipher suite order, and only IIS version 10 supports ECDHE_RSA suites with GCM.