Google Chrome "Your connection to website is encrypted with obsolete cryptography"
Google Chrome is showing new information in the certificate section.
Is this a big deal? If so how can I fix it on the server end?
EDIT: Thanks for the answers but I'm not skilled in cryptography so the only thing I can update with is this certificate was created by Shell in a Box, and I was also wondering if this was ruining the security of TLS/SSL communication with the application and if so, how I could fix it.
This has been coined 'security shaming'. It made the Financial Times http://www.ft.com/cms/s/0/f53fe1ae-c98a-11e4-b2ef-00144feab7de.html
Your exact case is that
RSAis used as the key exchange mechanism. Instead, you should use
To remove the "obsolete cryptography" warning, you'll need to use "modern cryptography" which is defined as:
- Key exchange:
Twitter discussion: https://twitter.com/reschly/status/534956038353477632
This has nothing to do with a certificate. There is a special "outdated security settings" warning when a certificate uses weak signature algorithm, but this is about authentication, not about encryption. Note that you are still getting a green lock, even in case of obsolete encryption.
So how do I generate my private/public keys using ECDHE_RSA? I'm getting the same error as OP, and I'm using this command to generate my keys `openssl req -x509 -newkey rsa:2048 -sha256 -keyout a.key -out a.crt -days 1000 -nodes -subj "..."`. I'm guessing I need to change the rsa:2048 param, but I can't find what I should be changing it to.
@Rob You do not need to generate new keys - you just have to modify some server settings to allow clients to use at least one of the listed ciphersuites. In apache, this can be done in your VirtualHost configuration file. There is an SSL config generator you can use to make this easier: https://mozilla.github.io/server-side-tls/ssl-config-generator/
Hey! Thanks for your response! That makes a lot of sense since I didn't understand why the certificate would be the one to dictate this. Unfortunately, I'm not using Apache, I'm using my own web server which is based off of Civetweb, so I'll have to look into that!
Note for Tomcat, to change from AES_256_CBC to AES_128_GCM you'll have to upgrade from Java 7 to Java 8. See this answer: http://stackoverflow.com/a/21290409/57752
My understanding is that certificates vouch that a public key belongs to a certain entity. If you are going to change from RSA to, say, DHE_RSA, wouldn't the server need a DHE_RSA public key and thus a new certificate that will vouch for this new public key?
@Eddie Going from a 256 bit key to a 128 bit key seems like a big downgrade, why isn't 256 CBC just as good or better?
Windows: from https://www.nartac.com/Support/IISCrypto/FAQ ... your website is using obsolete cryptography if the cipher suite does not support forward secrecy and authenticated encryption (AEAD). The only two cipher suites that support this on Windows using RSA certificates are TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA256. Unfortunately those cipher suites use 1024 bits for their Diffie-Hellman parameters which has long been considered weak. The only way to get rid of this warning is to use DSA certificates or wait until Windows 10 Server is released...
@Michael With a modern block cipher (e.g. AES), 128-bit keys are _good enough_ (in the sense that a brute-force attack is utterly infeasible). 256-bit keys just waste electricity and CPU time. This will change if quantum computers become practical, but we can worry about that then. Changing from CBC to GCM, however, really does increase your security. GCM is a newer, better-designed mode of operation which avoids several known weaknesses in CBC (as used by TLS).
That message probably indicates you're
- Using SSLv3, or
- Have a certificate signed with SHA-1 or MD5
The image says that "The connection uses TLS 1.2.".
OP can rule out SSLv3. Anybody else who finds this because they're searching for that error message might not be able to, so it's worth mentioning.
I had the same issue and used this free service to get a: SSL report.
The report scans your SSL configuration and tells you:
- Information about the certificate (Common names, valid dates, key size, signature algorithm, issuer, ...)
- Certification path
- Enabled protocols (making sure SSL 2 and SSL 3 are disabled)
- Cipher suites supported (where you can see what should be disabled)
- Handshake simulations for different browsers and OS.
- Protocol details (are you vulnerable ?)
It helped me get information about how my configuration was set, what could be improved or disabled and I ended up modifying the
ssl_cipherdirective from Nginx to support the Intermediate compatibility.
Since the protocol version is good and AES_128-GCM is certainly not obsolete the remaining possibility is that something is wrong with the RSA key exchange. I'm not sure what google chrome understands as obsolete, but just the fact that key exchange is performed using RSA is not particularly good. Preferably RSA should only be used for authentication and the key exchange should be performed using DHE or ECDHE.
As someone pointed out you might also be having a problem with your certificate which is either signed with a bad hash function or the key might be too short (512 bits?) the latter is not very probably though.
You can use
openssl s_client -connect <server_name>:443from linux to see the ssl handshake. Check the Peer signing digest, protocol, and cipher. Usally chrome has more details about the obselete configurations, you can try to update. Check if algorithm hash, ciphers, protocol are modern.
No client certificate CA names sent Peer signing digest: SHA256 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 4499 bytes and written 415 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: <id> Session-ID-ctx: Master-Key: <key> Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1579360646 Timeout : 300 (sec) Verify return code: 0 (ok) ---
Note: Openssl v 1.1.1 may fail to connect to server if the
Peer signing digest: SHA1, you can try to reduce the security in
/etc/pki/tls/openssl.cnfby setting the
CipherString = [email protected] = 1and try again. With openssl you can set
-sigalgsand more to debug.