Cloudflare Universal SSL web browser compatibility

Discussion in 'Domains, Hosting and Servers' started by eva2000, Oct 6, 2014.

  1. eva2000

    Just a heads up if you're thinking about using Cloudflare's Universal SSL certificates. The free plan uses ECC 256 bit ECDSA based SSL certificates which are not compatible with older browsers on certain older OSes.

    More details at https://community.centminmod.com/th...with-winxp-internet-explorer-8-browsers.1577/ as well as how to use Google Analytics to check your web browser versions used for your web site to ensure you're not negatively affected.

    For older browser compatibility, you would need to upgrade to Cloudflare's Pro or Business paid plans.
     
    Last edited: Oct 6, 2014
  2. DougCuk

    Just to clarify things a little
    Windows XP itself is incompatible with the new Cloudflare Free Universal SSL certificate system
    Almost all browsers use the operating system to verify the SSL certificate - only Firefox has its own system

    The Universal SSL certificates are using ECC 256 bit SSL certificates which use ECDSA signatures
    Support for ECC 256 bit SSL certificates was introduced with Windows Vista - and is not supported in XP

    Elliptic Curve Cryptography (ECC)
    Elliptic Curve Digital Signature Algorithm (ECDSA)

    With XP (SP3) you will see:
    IE8 reports a certificate error which you can over-ride (not recommended - but allows access)
    Chrome reports This webpage is not available (with no way to over-ride - website just appears to be down)

    Clicking the details link in Chrome shows you:
    The webpage at [https url] might be temporarily down or it may have moved permanently to a new web address.
    Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

    Under Windows XP your only options are:
    1. Access the website via a proxy that supports ECC SSL
    2. Use the Firefox browser (v19+) which has its own ECC SSL system
    3. Over-ride the certificate warning on IE8 and accept an unverified connection

    CloudFlare's Free Universal SSL does not support older browser compatibility.
    CloudFlare Pro or Business plans have a workaround to support legacy browsers.
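
An added example, not part of either post above: one way to measure exposure from your own access logs instead of Google Analytics, applying the rules stated in this thread (Windows XP clients fail on the ECDSA certificate unless they run Firefox 19+). It assumes Apache/nginx "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [06/Oct/2014:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
203.0.113.6 - - [06/Oct/2014:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36"
203.0.113.7 - - [06/Oct/2014:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/32.0"
203.0.113.8 - - [06/Oct/2014:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
203.0.113.9 - - [06/Oct/2014:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 5.1; rv:10.0) Gecko/20100101 Firefox/10.0"
"""

UA_FIELD = re.compile(r'"([^"]*)"\s*$')    # last quoted field is the User-Agent
# "Windows NT 5.1" is XP; "Windows NT 5.2" is XP x64 / Server 2003 (same TLS stack).
XP = re.compile(r"Windows NT 5\.[12]\b")
FIREFOX = re.compile(r"Firefox/(\d+)")

def classify(ua):
    """Bucket a User-Agent by the compatibility rules described in the thread."""
    if not XP.search(ua):
        return "ok"                         # Vista or later, or non-Windows
    m = FIREFOX.search(ua)
    if m and int(m.group(1)) >= 19:
        return "ok-firefox"                 # Firefox 19+ has its own ECC support
    if "MSIE" in ua:
        return "xp-ie"                      # certificate error, can be overridden
    if "Chrome/" in ua:
        return "xp-chrome"                  # ERR_SSL_VERSION_OR_CIPHER_MISMATCH
    return "xp-other"                       # any other XP client, incl. old Firefox

def audit(log_text):
    """Return (per-bucket counts, affected requests, total parsed requests)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = UA_FIELD.search(line)
        if m:                               # skip lines without a quoted UA field
            counts[classify(m.group(1))] += 1
    affected = sum(n for k, n in counts.items() if k.startswith("xp-"))
    return counts, affected, sum(counts.values())

if __name__ == "__main__":
    counts, affected, total = audit(SAMPLE_LOG)
    print(dict(counts))
    print(f"{affected}/{total} requests from clients that cannot validate an ECDSA-only cert")
```

Run it over logs collected before moving the site to the ECDSA-only certificate; User-Agent strings can be spoofed, so treat the result as an estimate.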
     
  3. pixelek

    On Ubuntu 14.04 Server if you see any kind of error, just regenerate your gpg-keys.
    This is because the ones that are installed by default do not have referrals to ECC SSL hardcoded.
     
