I have recently updated to HTTPS. Not supporting RC4.
We have one or two customers that cannot access our site, and are getting the error 'A secure connection cannot be established because this site uses an unsupported protocol or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure.'
They are all on XP, but running the latest Chrome.
How can I get around this? Bearing in mind we don't support RC4, the Chrome error message isn't very helpful.
I'm assuming there is a problem with Windows XP and any new browser trying to access any HTTPS site that does not support RC4 – surely there is a workaround, as a large chunk of people are still running XP?
Best Answer
Your site needs to support a cipher that is available in Windows XP, which is why you are getting the cipher suite mismatch. Your SSL Labs test report lists the following ciphers:
Here are the supported TLS cipher suites in Windows XP/Server 2003.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa380512(v=vs.85).aspx
Your site won't work from Windows XP at all. You need to add one of the supported suites if you want to support Windows XP. The one most commonly used seems to be the aforementioned TLS_RSA_WITH_3DES_EDE_CBC_SHA.
Edit to add: I just noticed you're using CloudFlare. Make sure you read the SSL FAQ and the Legacy Browser support articles.
https://support.cloudflare.com/hc/en-us/articles/214770928-Legacy-Browser-Support
I know Chrome is a modern browser but as I said before it uses the Windows libraries for whatever OS it is running on and TLS/SNI support wasn't introduced until Windows Vista. So if you disable legacy browser support in CloudFlare, you will break Chrome on XP as well because your site will only be accessible from browsers that support SNI.
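The cipher suite mismatch discussed in this thread, as an added example that is not part of the original question or answer: the server walks its own preference list and picks the first suite the ClientHello also offers, and an empty overlap ends the handshake with a handshake_failure alert. The client offer and both server lists below are constructed for illustration, not taken from the SSL Labs report or from any real client.

```python
import struct

# IANA TLS cipher suite code points (subset used in this example).
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}
HANDSHAKE_FAILURE = 40  # TLS alert description sent when no suite is shared


def parse_cipher_suites(vector: bytes) -> list[int]:
    """Decode a ClientHello cipher_suites field: 2-byte length, then 2-byte IDs."""
    if len(vector) < 2:
        raise ValueError("truncated cipher_suites vector")
    (length,) = struct.unpack_from("!H", vector, 0)
    body = vector[2:]
    if length != len(body) or length % 2:
        raise ValueError("bad cipher_suites length")
    return [code for (code,) in struct.iter_unpack("!H", body)]


def negotiate(client_vector: bytes, server_preference: list[int]):
    """Return (suite_name, None) on success, or (None, alert) on mismatch."""
    offered = set(parse_cipher_suites(client_vector))
    for code in server_preference:  # server preference order decides
        if code in offered:
            return SUITES.get(code, hex(code)), None
    return None, HANDSHAKE_FAILURE


# Constructed legacy client offer: only RC4 and 3DES suites.
LEGACY_CLIENT = struct.pack("!H3H", 6, 0x0005, 0x0004, 0x000A)
# Constructed server lists: without legacy suites, then with 3DES appended last.
SERVER_NO_LEGACY = [0xC030, 0xC02F, 0x002F]
SERVER_WITH_3DES = SERVER_NO_LEGACY + [0x000A]

if __name__ == "__main__":
    print(negotiate(LEGACY_CLIENT, SERVER_NO_LEGACY))
    print(negotiate(LEGACY_CLIENT, SERVER_WITH_3DES))
```

Because the 3DES suite is appended at the end of the server list, clients that offer the AES suites still negotiate those first.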