Laravel Forge – Fix LetsEncrypt SSL Error ‘SSL_ERROR_NO_CYPHER_OVERLAP’

lets-encrypt nginx ssl ssl-certificate

Some users have complained that they cannot access our site due to a "secure connection failure" i.e. SSL. The actual error code provided is SSL_ERROR_NO_CYPHER_OVERLAP.

Server is nginx with Ubuntu 18.04. SSL has been installed via the Laravel Forge LetsEncrypt button.

I have tested 4 of our sites using https://www.ssllabs.com and all seem to have the same errors show up.

Errors are only related to certain browsers/OS (generally older versions) i.e.

Chrome 49 / XP SP3  Server sent fatal alert: handshake_failure

I also noticed that only TLS 1.2 protocol is supported with my site, so I am guessing that these older browsers are using an older protocol.

| Protocols | Supported |
|-----------|-----------|
| TLS 1.3   | No        |
| TLS 1.2   | Yes       |
| TLS 1.1   | No        |
| TLS 1.0   | No        |
| SSL 3     | No        |
| SSL 2     | No        |

For TLS 1.3 tests, we only support RFC 8446.

Has anyone come across this issue before or have any advice on how to diagnose it further?

Best Answer

One potential fix around this is to edit the SSL cert configuration within:

sudo nano /etc/nginx/sites-enabled/yoursite.com

I amended the TLS version and cipher certificates to the intermediate settings as recommended by Mozilla. It appears the default Forge setup is now for Modern browsers only, which means many are invalid.

https://mozilla.github.io/server-side-tls/ssl-config-generator/

Re-running the https://www.ssllabs.com/ test shows no errors with browser compatibility but has reduced the cipher strength level a little. So I guess more compatibility with a bit less security.

If anyone has any comments on a better way to do this, please advise.
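
The fix above works because a handshake needs both a shared protocol version and a shared cipher suite. As an added example (not part of the original answer, and not Forge's or Mozilla's configuration), this Python script reads `ssl_protocols` and `ssl_ciphers` from an nginx fragment and reports whether a client's offer overlaps. Both config fragments and the legacy client profile are constructed for illustration.

```python
import re

# Constructed nginx fragments for illustration; not Forge's or Mozilla's actual output.
NARROW_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305;
}
"""
WIDER_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;  # trailing comments are ignored
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA';
}
"""
# Hypothetical legacy client offer (constructed, not a captured ClientHello).
LEGACY_CLIENT = {"protocols": {"TLSv1", "TLSv1.1", "TLSv1.2"},
                 "ciphers": {"ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "AES128-SHA"}}
ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2"]  # TLSv1.3 suites are not set by ssl_ciphers

def directive(conf, name):
    """Return the arguments of the last `name ...;` directive, or '' if absent."""
    conf = re.sub(r"#[^\n]*", "", conf)
    hits = re.findall(rf"^\s*{re.escape(name)}\s+([^;]+);", conf, re.M)
    return hits[-1].strip().strip("'\"") if hits else ""

def server_policy(conf):
    """Extract (protocol set, ordered cipher list) from an nginx fragment."""
    ciphers = [c for c in directive(conf, "ssl_ciphers").split(":") if c]
    for c in ciphers:
        # Keywords such as HIGH or !aNULL need OpenSSL to expand them.
        if c[0] in "!+@-" or "-" not in c:
            raise ValueError(f"not an explicit suite name: {c}")
    return set(directive(conf, "ssl_protocols").split()), ciphers

def negotiate(conf, client):
    """Return (status, protocol, cipher) for a TLS <= 1.2 client against conf."""
    protocols, ciphers = server_policy(conf)
    common = [p for p in ORDER if p in protocols and p in client["protocols"]]
    if not common:
        return ("no_protocol_overlap", None, None)
    # Server preference order, as with ssl_prefer_server_ciphers on.
    for suite in ciphers:
        if suite in client["ciphers"]:
            return ("ok", common[-1], suite)
    return ("no_cipher_overlap", common[-1], None)

if __name__ == "__main__":
    for label, conf in (("narrow", NARROW_CONF), ("wider", WIDER_CONF)):
        print(label, negotiate(conf, LEGACY_CLIENT))
```

The check only compares explicit suite names; whether a suite is actually usable also depends on the certificate's key type and the server's OpenSSL build.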
