I have enabled SSL on our Web reports site which works fine, However Google Chrome is warning that obsolete cipher suites are in use.
The certificate used is SHA-2. Is there some settings i need to change server side to ensure more secure ciphers are used?
The message that appears is:
"Your connection to servername@domain.com is encrypted using an obsolete cipher suite.
The connection uses TLS 1.2
The connection is encrypted using AES_256_CBC, with HMAC-SHA1 for message authentication and RSA as the key exchange mechanism.
I was not able to see any settings on the server which can be changed which makes me think i you have to add them to override the defaults. I have also been unable to find any documentation regarding this so any help here would be much appreciated.
We are currently on version 9.2.3.68, but are not able to enable enhanced security mode due to having to support some older operating systems which there is no updated client for which means they are stuck on version 8.2.1409 for now until the operating systems are upgraded or the systems are replaced.
Is the only way to further secure web reports to enable enhanced security. Also when i look at enabling it it shows that the BES Support site is not supported. After a bit of research i see this is something other people have experienced, but there doesn’t seem to be a fix for this online. Any thoughts on that before i raise it support?