Connection is encrypted with outdated encryption kits



  • People, help the lipstick understand why the mistake. I bought a godaddy certificate, and he's working, but he's throwing a warning "The Connection is encrypted with outdated encryption sets" here's a picture.

    Соединение зашифровано с помощью устаревших наборов шифров

    How can you fix that? Use ngix as a web server.

    configuration

    server {
            listen 443;
    
        server_name example.com;
        root /home/wordpress/www; # путь к WP
        index index.php;
    
        ssl on;
        ssl_certificate /etc/nginx/ssl/example.com.com_combined.crt;
        ssl_certificate_key /etc/nginx/ssl/example.com.key; 
    

    }

    nginx -V

    nginx version: nginx/1.9.3 (Ubuntu)
    built with OpenSSL 1.0.2d 9 Jul 2015
    TLS SNI support enabled
    configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module

    grep -rn ssl_ /etc/nginx

     /etc/nginx/snippets/snakeoil.conf:4:ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    /etc/nginx/snippets/snakeoil.conf:5:ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    /etc/nginx/nginx.conf:33: ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    /etc/nginx/nginx.conf:34: ssl_prefer_server_ciphers on;
    Binary file /etc/nginx/sites-available/example.com matches



  • Response to the discussion: comment /etc/nginx/nginx.conf lines 33-34.

    In addition, in nginx instead ssl on; Recommended use listen 443 ssl;

    I just wanted to say, https://letsencrypt.org/ It's out of the inweight regime, so space ships are fighting the stoves, and the receipt of the certificates has stopped being a synonymous purchase.


Log in to reply
 


Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2