Cipher problem

[CaseyR]

Hi, Bruce

One of my clients is getting this message from his browser:

"Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://localhost:8443 again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator."

He says TLS up to 1.2 is turned on by policy and SSL is turned off.  Any advice?  Many thanks.

[Bruce]

Hi Casey,

Most everywhere has disallowed SSL 3 for many years now - TLS 1.0 is the minimum acceptable standard.
Your report though is skimpy on some details, so I need more information. Specifically;

a) Is this your _server_ or your _client_? I presume you are making the server in this case?
b) Is your server secure - ie using a certificate etc? (In this case I'm guessing a self-signed certificate?)
c) What version of NetTalk are you using?

cheers
Bruce

[CaseyR]

Thanks, Bruce

I am pretty sure you are right about the self-signed certificate., but I will confirm.   It is their server.  I am using NT 10.33 at the moment.  I bought NT 11, just haven't got it installed yet.

[Bruce]

Hi Casey,

>> It is their server.

so not a NetTalk server?

Cheers
Bruce

[CaseyR]

Sorry.  It is an NetTalk server.  I thought you meant their machine instead of hosted by us.

[Bruce]

Well, assuming you have not manually set SSLMethod in code to anything, and assuming all your runtime-settings are correct (certificate name, cert location and so on) then it will be serving on TLS.

You could run debugview on the server if you like, then start the web server, to see if any error messages appear...

cheers
Bruce