• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Issue nginx http/2 chrome 49 win xp

K

Kapnos

Basic Pleskian
Hi,

I successfully migrated my wordpress site using http/2 with ssl certificate but clients with chrome 49 (which is the latest version for win xp) cannot reach the site. Is there any workaround?
Thanks!
 
My server runs on Ubuntu 14.04.5 and the nginx version:
nginx version: nginx/1.11.4
built with OpenSSL 1.0.2j 26 Sep 2016
TLS SNI support enabled

The problem is not the OpenSSL version, I think the problem has to do with the Ciphers suites used my nginx.

As I see in /etc/nginx/conf.d/ssl.conf:

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

And proposing ciphers on Mozilla site https://mozilla.github.io/server-side-tls/ssl-config-generator/:
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

Should I use?
plesk sbin sslmng --services=nginx --custom --ciphers="ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"

and then should I restart nginx and apache?
 
Last edited:
Add this to your NGINX section in Plesk and Chrome 49 will work:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;

Test on https://www.ssllabs.com/ssltest/analyze.html for a list of all browsers and how well your server's ciphers are configured.
 
You must log in or register to reply here.

Similar threads

P
Resolved Issues with magento 2, varnish, ngin x
Replies
2
Views
6K
pfrenn
P
T
ISSUE - Nginx config generation failure and http2 directive implementation failure
Replies
14
Views
5K
Bitpalast
Bitpalast
J
Question Plesk nginx coexistence with own nginx configurations
Replies
5
Views
923
Juergen Schneider
J
K
Resolved After backup restore no web nor SSL
Replies
1
Views
667
kankamuso
K
S
Question How can I make my changes to Nginx site config Permanent per site?
Replies
3
Views
856
Raul A.
R
Back
Top