Forum Discussion

Krishna_388466's avatar
Krishna_388466
Icon for Altostratus rankAltostratus
Apr 14, 2019

After Weak cipher remediation , URL not working in chrome while IE load is fine.

Chrome not able to load URL using only TLS 1.2 with SHA256 AES256.Website works fine in IE.   Are there any setting changes needed to resolve the issue?  
application delivery
F5 Cloud Services
security
WebSafe
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Apr 15, 2019

Hi Krishna,

just tested the cipher support of Chrome. Chrome does not support the cihper called AES256-SHA256 (ID 61). It does only support AES256-SHA (ID 53) or AES256-GCM-SHA384 (ID 157) if you require a (non-DH) RSA based AES256.

Qualys SSL Labs: SSL/TLS Capabilities of Your Browser

https://www.ssllabs.com/ssltest/viewMyClient.html

To workaround this limitation, I would recommend to change your cipher string to include 

AES256-GCM-SHA384
as well as 
AES256-SHA256
. The GCM is considered more secure than CBC, so you will more or less increase the security of those browser who support this chiper spec.

[root@f501:Active:Standalone] /  tmm --clientcipher 'AES256-GCM-SHA384:AES256-SHA256:-SSLv3:-DTLSv1:-TLSv1:-TLSv1_1'
       ID  SUITE                            BITS PROT    METHOD  CIPHER    MAC     KEYX
 0:   157  AES256-GCM-SHA384                256  TLS1.2  Native  AES-GCM   SHA384  RSA       
 1:    61  AES256-SHA256                    256  TLS1.2  Native  AES       SHA256  RSA 
 [root@f501:Active:Standalone] /

Cheers, Kai