Chrome Security Issue


#1

So I have the "ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY" error in Chrome and the only way to see the website is to use Safari… I’ve already cleared my cache so it’s not Chrome…

How can I downgrade Nginx? Because that seems like the only viable option.


#2

Fixed the issue.

For future reference.

Use this command line

nano /var/www/yourdomain.com/conf/nginx/ssl.conf

Then delete http2.

Save.

Then restart Nginx: ee stack restart


#3

@cktalon buddy I am facing the same error… There is no http2 line in my installation… Any help here would be appreciated…


#4

When you type "nano /var/www/your-domain-name.com/conf/nginx/ssl.conf"

You don’t see the lines below?

listen 443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/your-domain-name.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain-name.com/privkey.pem;


#5

No… I see only ssl on; onwards…


#6

I just reinstalled everything from scratch and now I could see http2 - just removed that and everything is working fine. Thanks everyone…

Just to summarize: SSL ciphers were not the issue - I tried doing that - it broke the entire site. http2 was the real issue - but before 26th March, I have personally done 5 ee installs and it was never the issue.

Now the question for @admin @radhe @radhe83 is whether or not this configuration is secure or removing the http2 is simply a workaround. Because this in its exact form is working on all my other sites installed before 26th March. Any answer to this will really be helpful.


#7

Is there a proper solution for this issue? Obviously, this workaround disables HTTP/2, which is hardly desirable. What’s the way to fix this such that HTTP/2 is supported?


#8

Hello,

Yes, just replace the old ssl cipher suite currently used in nginx.conf with the command:

sed -i 's/ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHADHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!ECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;/ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;/' /etc/nginx/nginx.conf
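
Added example (not written by any poster in this thread and not EasyEngine's code): Chrome reports ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY when HTTP/2 is negotiated over TLS that does not meet RFC 7540 section 9.2.2, which requires TLS 1.2 or later and a cipher suite outside the Appendix A blacklist. The script below audits an `ssl_ciphers` value by suite name; the function names and both sample strings are constructed for illustration, and it assumes server cipher preference is enabled.

```shell
#!/bin/sh
# Added example: audit an nginx ssl_ciphers value against HTTP/2's TLS rules
# (RFC 7540 section 9.2.2 and Appendix A). Pure string logic, no openssl call.

# Classify one token of an OpenSSL cipher string by its name.
classify_cipher() {
    case "$1" in
        '!'*|-*|+*) echo exclude ;;      # operators that remove or reorder suites
        ECDHE-*GCM*|ECDHE-*CHACHA20*|ECDHE-*CCM*|DHE-*GCM*|DHE-*CHACHA20*|DHE-*CCM*)
            echo ok ;;                   # ephemeral key exchange plus AEAD
        *-SHA|*-SHA256|*-SHA384|*-MD5)
            echo blacklisted ;;          # CBC, RC4, 3DES or static-key suite
        *)  echo alias ;;                # group keyword (AES, HIGH, kEDH+AESGCM)
    esac
}

# Summarise a colon-separated cipher string on one line:
#   lead_ok   = acceptable suites listed before any other kind of entry
#   first_bad = 1-based position of the first blacklisted suite (0 if none)
#   aliases   = group keywords whose expansion cannot be judged by name
# Assumption: the server prefers its own order (ssl_prefer_server_ciphers on),
# so a client that supports the leading suites never reaches the later ones.
h2_audit() {
    list=${1%;}                          # tolerate nginx's trailing semicolon
    pos=0; lead_ok=0; leading=1; first_bad=0; aliases=0
    old_ifs=$IFS; IFS=:
    for tok in $list; do
        pos=$((pos + 1))
        case "$(classify_cipher "$tok")" in
            ok)          if [ "$leading" -eq 1 ]; then lead_ok=$((lead_ok + 1)); fi ;;
            blacklisted) leading=0
                         if [ "$first_bad" -eq 0 ]; then first_bad=$pos; fi ;;
            alias)       leading=0; aliases=$((aliases + 1)) ;;
        esac
    done
    IFS=$old_ifs
    echo "lead_ok=$lead_ok first_bad=$first_bad aliases=$aliases"
}

# Constructed sample values, not copied from any real nginx.conf.
WEAK_FIRST='AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256:AES:!aNULL;'
AEAD_FIRST='ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:!DSS;'

h2_audit "$WEAK_FIRST"
h2_audit "$AEAD_FIRST"
```

A `lead_ok` of 0 or a non-zero `aliases` count means the list needs a closer look, for example by expanding it with `openssl ciphers -v`.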

#9

@virtubox Command works like a charm - still!


#10

Thanks virtu!!!