Google Chrome "Your connection to website is encrypted with obsolete cryptography"

Your exact case is that RSA is used as the key exchange mechanism. Instead, you should use DHE_RSA or ECDHE_RSA.

To remove the "obsolete cryptography" warning, you'll need to use "modern cryptography" which is defined as:

  • Protocol: TLS 1.2 or QUIC
  • Cipher: AES_128_GCM or CHACHA20_POLY1305
  • Key exchange: DHE_RSA or ECDHE_RSA or ECDHE_ECDSA

Twitter discussion: https://twitter.com/reschly/status/534956038353477632

Commit: https://codereview.chromium.org/703143003

This has nothing to do with a certificate. There is a special "outdated security settings" warning when a certificate uses a weak signature algorithm, but that is about authentication, not about encryption. Note that you still get a green lock, even in the case of obsolete encryption.
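To make the three criteria above concrete, here is an added example (not Chrome's code and not from the answer above) that parses an IANA cipher-suite name into key exchange, cipher and MAC, and reports why a negotiated connection would fall outside the "modern" definition quoted above. The sets of accepted protocols, ciphers and key exchanges are copied from the answer as listed; the cipher-suite names and protocol strings used as inputs are constructed for the example.

```python
"""Classify a negotiated TLS connection as "modern" or "obsolete" using the
three criteria quoted in the answer above (protocol, cipher, key exchange).

Added example, not Chrome's implementation. Inputs are IANA cipher-suite
names such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 plus a protocol string.
"""

from dataclasses import dataclass, field
from typing import Iterable, List

# Criteria exactly as listed in the answer above (Chrome's definition at the
# time the answer was written; no other suites or versions are assumed here).
MODERN_PROTOCOLS = {"TLS 1.2", "QUIC"}
MODERN_CIPHERS = {"AES_128_GCM", "CHACHA20_POLY1305"}
MODERN_KEY_EXCHANGES = {"DHE_RSA", "ECDHE_RSA", "ECDHE_ECDSA"}


@dataclass
class SuiteParts:
    key_exchange: str   # e.g. "ECDHE_RSA", or plain "RSA" for RSA key transport
    cipher: str         # e.g. "AES_128_GCM", "AES_128_CBC", "3DES_EDE_CBC"
    mac: str            # MAC hash for CBC suites, PRF hash for AEAD suites


def parse_iana_suite(name: str) -> SuiteParts:
    """Split TLS_<KX>_WITH_<CIPHER>_<HASH> into its three components."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not an IANA TLS cipher-suite name: {name!r}")
    kx_part, rest = name.split("_WITH_", 1)
    key_exchange = kx_part[len("TLS_"):]
    # The last underscore-separated token is always the hash (SHA, SHA256, ...),
    # everything before it is the bulk cipher, e.g. "AES_128_GCM".
    cipher, _, mac = rest.rpartition("_")
    if not cipher or not mac:
        raise ValueError(f"cannot split cipher/MAC in {name!r}")
    return SuiteParts(key_exchange=key_exchange, cipher=cipher, mac=mac)


@dataclass
class Verdict:
    modern: bool
    reasons: List[str] = field(default_factory=list)


def classify(protocol: str, suite: str) -> Verdict:
    """Return whether (protocol, suite) meets all three criteria, with one
    reason string per failed criterion so an operator knows what to change."""
    parts = parse_iana_suite(suite)
    reasons: List[str] = []
    if protocol not in MODERN_PROTOCOLS:
        reasons.append(f"protocol {protocol} is not TLS 1.2 or QUIC")
    if parts.key_exchange not in MODERN_KEY_EXCHANGES:
        reasons.append(
            f"key exchange {parts.key_exchange} is not DHE_RSA, ECDHE_RSA or "
            "ECDHE_ECDSA (no forward secrecy)"
        )
    if parts.cipher not in MODERN_CIPHERS:
        reasons.append(
            f"cipher {parts.cipher} is not AES_128_GCM or CHACHA20_POLY1305"
        )
    return Verdict(modern=not reasons, reasons=reasons)


def modern_suites(candidates: Iterable[str]) -> List[str]:
    """Filter a list of IANA suite names down to those whose key exchange and
    cipher both satisfy the criteria (protocol is negotiated separately)."""
    keep = []
    for name in candidates:
        parts = parse_iana_suite(name)
        if (parts.key_exchange in MODERN_KEY_EXCHANGES
                and parts.cipher in MODERN_CIPHERS):
            keep.append(name)
    return keep


if __name__ == "__main__":
    # Constructed sample of what a server might negotiate with a browser.
    samples = [
        ("TLS 1.2", "TLS_RSA_WITH_AES_128_CBC_SHA"),            # the asker's case
        ("TLS 1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
        ("TLS 1.0", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"),
    ]
    for proto, suite in samples:
        v = classify(proto, suite)
        status = "modern" if v.modern else "obsolete: " + "; ".join(v.reasons)
        print(f"{proto:8} {suite:48} -> {status}")
```

Running the block prints one line per sample; the asker's RSA-key-exchange suite is reported as obsolete for both its key exchange and its CBC cipher, which matches the diagnosis in this answer.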


That message probably indicates you're

According to this page. The former is a configuration issue; the latter requires you to get a certificate signed with a SHA-256 hash.


I had the same issue and used this free service to get an SSL report.

The report scans your SSL configuration and tells you:

  • Information about the certificate (Common names, valid dates, key size, signature algorithm, issuer, ...)
  • Certification path
  • Enabled protocols (making sure SSL 2 and SSL 3 are disabled)
  • Cipher suites supported (where you can see what should be disabled)
  • Handshake simulations for different browsers and OS.
  • Protocol details (are you vulnerable?)

It helped me get information about how my configuration was set, what could be improved or disabled and I ended up modifying the ssl_cipher directive from Nginx to support the Intermediate compatibility.