Chrome not able to load URL using only TLS 1.2 with SHA256 AES256. Website works fine in IE.
Are there any setting changes needed to resolve the issue?
Can you please share the error message which you are seeing in Google Chrome? I suspect that Chrome removed the RC4 cipher in Chrome v48.
err_ssl_version_or_cipher_mismatch is the error message
RC4 is disabled by Chrome.
Open the following in the Chrome browser: chrome://flags/#ssl-version-max
Then change the maximum TLS version enabled from default to TLS 1.3.
Selecting TLS 1.3 will work. Try and confirm.
When I tried the above option in chrome://flags/#ssl-version-max, I don't see any settings related to TLS 1.3 or SSL.
Please post your Client SSL Profile cipher string. Maybe we can optimize it further...
Did you select "TLS 1.3 downgrade hardening" as enabled in the Chrome browser? Just try.
You can take a packet capture of the ssl handshake (with ssldump) to see exactly which ciphers are being negotiated and selected.
Then check if you can find a reference in the Chrome support/forum that talks about your problem.
So first capture traffic, then check with ssldump which ciphers/protocol are negotiated; it will be helpful for you to find a solution.
Just tested the cipher support of Chrome. Chrome does not support the cipher called AES256-SHA256 (ID 61). It only supports AES256-SHA (ID 53) or AES256-GCM-SHA384 (ID 157) if you require a (non-DH) RSA based AES256.
Qualys SSL Labs: SSL/TLS Capabilities of Your Browser
To work around this limitation, I would recommend changing your cipher string to include AES256-GCM-SHA384 as well as AES256-SHA256. GCM is considered more secure than CBC, so you will more or less increase the security of those browsers that support this cipher spec.
[root@f501:Active:Standalone] / # tmm --clientcipher 'AES256-GCM-SHA384:AES256-SHA256:-SSLv3:-DTLSv1:-TLSv1:-TLSv1_1'
       ID  SUITE              BITS  PROT    METHOD  CIPHER   MAC     KEYX
 0:   157  AES256-GCM-SHA384  256   TLS1.2  Native  AES-GCM  SHA384  RSA
 1:    61  AES256-SHA256      256   TLS1.2  Native  AES      SHA256  RSA
[root@f501:Active:Standalone] / #