Old browsers/OS like Symbian compatibility

Question asked by Stevan Borchz on Nov 20, 2017
Latest reply on Nov 30, 2017 by Rob Moss

Hello guys

 

I have a very weird situation.

 

Two similar sites, using SAME RapidSSL SSL certificate.

 

On this one site: https://www.xvideos.com

 

SSL Server Test: www.xvideos.com (Powered by Qualys SSL Labs) 

 

Browsing from old browsers/OS like Symbian OS 9.2, Series 60 v3.1 UI works pretty fine.

 

However, using the SAME RapidSSL, with this particular cipher configuration on Nginx, doesn't seem to be working for that Symbian OS browsing.

 

1) How can I make my SSL fully compatible with old browsers like that? I've already tried the Mozilla suggestion tool (Generate Mozilla Security Recommended Web Server Configuration Files) and I still can't make it work on this Symbian platform.

 

# SSL config
listen 443 ssl;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP';
ssl_prefer_server_ciphers On;
ssl_dhparam /etc/nginx/dhparams.pem;
ssl_certificate /etc/nginx/ssl.crt/www.mysite.com.crt;
ssl_certificate_key /etc/nginx/ssl.key/www.mysite.com.key;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
# SSL config

 

2) On my page's SSL test I see these warnings:

 

Android 2.3.7 & IE 8:  No SNI 2 Incorrect certificate because this client doesn't support SNI

 

However, on the other page test from the other website, these warnings are not present. Can anybody explain to me why?

 

Thanks in advance for your help.

 
