We help IT Professionals succeed at work.

This page can't be displayed - Turn on TLS 1.0. TLS 1.1, and TLS 1.2 in Advanced settings

Medium Priority
2,701 Views
Last Modified: 2019-03-11
Hi Experts,

One of my customers is encountering the following error when accessing our site, https://pavement-science.com.au:

This page can't be displayed
Turn on TLS 1.0. TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://pavement-science.com.au again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 Link for the details), which is not considered secure. Please contact your site administrator.

He gets this error using Chrome and Firefox, but not with IE or Edge.

Regards,
Leigh
Comment
Watch Question

KimputerIT Manager
CERTIFIED EXPERT

Commented:
As it's your own website, you are probably well aware you renewed your certificate already for a short period of time, so obviously it's all up to par on your side.
So we have to focus purely on the customer. The only way to be sure what's going on, is to see the certificate shown during the Chrome or Firefox session. Do you see the correct certificate everyone else sees? If not, why only Chrome/Firefox (check IE, maybe it has another certificate, it just doesn't warn the user)? And then, where does this different certificate come from (share screenshot)?
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You can try running SSLtest which has various browser handshake simulation. I ran one instance and finding hereLooks alright for below browser as it support the required cipher and TLS

Chrome 69 / Win 7  R      EC 256 (SHA256)        TLS 1.2 > h2        
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS

Chrome 70 / Win 10      -        TLS 1.3      
TLS_AES_128_GCM_SHA256   ECDH x25519  FS

Firefox 31.3.0 ESR / Win 7      EC 256 (SHA256)        TLS 1.2      
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS

Firefox 47 / Win 7  R      EC 256 (SHA256)        TLS 1.2 > h2  
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS

Firefox 49 / XP SP3      EC 256 (SHA256)        TLS 1.2 > h2  
      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS

Firefox 62 / Win 7  R      EC 256 (SHA256)        TLS 1.2 > h2        
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS

Googlebot Feb 2018      EC 256 (SHA256)        TLS 1.2      
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS

IE 7 / Vista      EC 256 (SHA256)        TLS 1.0      
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA   ECDH secp256r1  FS
David FavorFractional CTO
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Several considerations.

1) https://www.ssllabs.com/ssltest/analyze.html?d=pavement-science.com.au shows all's well right now.

2) You're using CloudFlare SSL, so you have no control over fixing SSL problems.

3) CloudFlare continually has SSL problems. You can Google this for the long sad history.

Normally I'd be with Kimputer, likely the issue is with you customer's browser... except... the message specifically relates to CloudFlare's setup.

Likely what happened is CloudFlare, yet again, munged their SSL setup... then 1000s of people reported the problem... eventually CloudFlare fixed the problem.

Fix: The only real fix to escape CloudFlare problems, is to avoid using CloudFlare.

Hint: If your customer visits your site again, likely the problem has cleared, because CloudFlare has fixed their config.

Check with your customer to see if the problem is fixed now.
Rob LauzonDirector of Product Support
CERTIFIED EXPERT

Commented:
Hello LeighWardle,

You can have the customer run a client test in the browsers that are not working to determine what is supported - https://www.ssllabs.com/ssltest/viewMyClient.html?promo=31843

You can then compare the results with your site - https://www.ssllabs.com/ssltest

The error they are receiving means that there is an issue with the SSL/TLS handshake, either you do not have a common protocol or cipher with the client, or your web server has a blacklisted cipher (e.g. RC4) enabled (Which you do not).

If you have more details related to the user's system that is receiving the error (e.g. Browser version, OS, hardware). I might be able to provide more assistance.

Kind regards,
Rob