Google Chrome Warning

Hi,

A few months ago Google Chrome started displaying a red cross and a warning in the URL bar with older Comodo certificates, using SHA-1 rather than SHA-2. Comodo issued updated certificates which I installed and which fixed the issue.

Yesterday the red cross re-appeared (URL = appserver.gtportalbase.com). The message says
“Your connection to appserver.gtportalbase.com is encrypted with obsolete cryptography.
[…]
The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and ECDHE_RSA as the key exchange mechanism.”

From looking at

https://www.ssllabs.com/ssltest/analyze.html?d=appserver.gtportalbase.com&hideResults=on

I think the cause is that though the updated certificate now uses SHA-2, the certificate AddTrustExternalCARoot.crt supplied with is still uses SHA-1. Can you confirm this and if so supply a new version of that certificate?

Regards
Oliver

I have this same problem in Chrome. First I thought it was due to using a SHA-1 certificate, so I upgrade to SHA-2 and no luck. I then figured it was because I was using TLS 1.0 instead of 1.2, so I upgraded my application server and java so I am now using 1.2, but I still get the error. I would love to get this sorted out also.

https://appserver.gtportalbase.com/ is green for me, using Chrome 44 on Ubuntu.

It is, however, “encrypted with obsolete cryptography”. You should enable the following suite(s), and make it/them preferred:

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)