How to deal with obsolete cryptography
When viewing a website in the latest version of Chrome, you may see the following message in the certificate section.
If the website is yours, or if you are conducting transactions on the website, you may be worried that the certificate is outdated and that the site is not secure. However, it only means that the website is using an outdated cipher suite. A cipher suite is a combination of algorithms governing the authentication, encryption, message authentication code (MAC), and the key exchange used for TLS and SSL network protocols.
When the client’s browser communicates with your website’s server, it sends along a list of cipher suites that it supports. The server replies with the preferred cipher suite from the list. Some cipher suites are “legacy”, meaning that they are no longer supported. These are still widely used for greater compatibility with older browsers. Chrome will run some of them, but only if the server insists.
If you wish to switch to modern cryptography, here are the settings you need on your server:
- set up “forward secrecy”
- use either AES-GCM or CHACHA20_POLY1305 as your cipher suite
Please note that your website will no longer be compatible with older browsers.
If you’re unclear on any point in this article, don’t hesitate to contact our accredited web security experts:
Send us your comments
Your comment will not be published. If you have a question, do not forget to write your email address so that we can get back to you!