TOPIC:

Using Chrome and Chrome-based (Opera) browsers the translate.webtrees.net/projects/webtrees/ gives the answer:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Not supported protocol

Using Firefox seems to be everything OK.

Is this a known problem? Or should I do something with my browser?

Which version of Chrome?

The translation server was recently updated to use TLSv1.3 instead of TLSv1.2

The documentation says that Chrome 70 (2018-10-16) should be able to use this - caniuse.com/tls1-3

I get the same error message.
Chrome 100.0.4896.60

IE11:

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to translate.webtrees.net again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

After todays upgrade of Chrome on PC it works.

The actual version of Opera (todays upgrade) it did not work.

On my smart phone version 99.xxxxxx do not work.

Ladislav

> IE11:

IE11 does not support TLSv1.3, so I do not expect it to work.

This is not my server, but I can get the configuration changed.

But I am curious to learn why it isn't working - when the documentation says that it should work...

Greg, looks like any Chromium-based browsers fail.

This site can’t provide a secure connectiontranslate.webtrees.net uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

fisharebest wrote:

I am curious to learn why it isn't working - when the documentation says that it should work...

Firefox browser info about the different SSL certificates may give a hint.

The URL "www.webtrees.net" (this site) uses encryption TLS_AES_256_GCM_SHA384, 256 bits, TLS 1.3, but "translate.webtrees.net" uses TLS_AES_128_GCM_SHA256, 128 bits, TLS 1.3

Perhaps the 128 bits is the key to the problem, not regarded secure enough anymore.
(And disqualifying lots of old hardware web interfaces too, such as routers, which often use outdated SHA1 certificates).

This server is located at my employer. I will look again next week.

It seems like this issue started with Chrome version 98.

But exactly which encryption techniques are incompatible, is still a mystery.

The encryption chain has many steps, starting with the web server version, which needs to be compatible with updated encryption modules. So exactly what is considered outdated, is not easy to tell, when Chrome only gives a mystical message.

Google has a goal to make a safer internet, but blocking unsafe sites without any additional information,
and in some cases forcing people to use regular HTTP to access older routers etc, is perhaps not a good idea for safety.

Any encryption is always better than nothing.

The config on this server was generated using the "modern" option at ssl-config.mozilla.org/

It passes the SSL Labs test with a grade "A" - www.ssllabs.com/ssltest/analyze.html?d=translate.webtrees.net

Greg, this still doesn't work:



Using Chrome (v101), but MS Edge gives a similar message.

This should now be fixed