As usual, I tire myself out tinkering with small parts of this site. Last week, I started messing around with HTTP/2. It failed, miserably. My lack of technical skills is still a big hindrance to understanding the core concepts behind a lot of this stuff. But they’re really fun.
There’s one thing I noticed while getting HTTPS to work. This blog loads without issues on Chrome and Edge, but not on Firefox. No obvious error message; just a grayed-out URL, which suggests some handshake error.
Inspect Element > Network does show some kind of error. Firefox receives the request, the server responds with a 301 to the HTTPS domain, then SSL fails to validate. The end result is a blank screen.
And, as expected, this isn’t an uncommon issue. The cause is an insecure cipher, which Firefox considers invalid. It then closes the connection.
The fix is pretty simple. I’m on Nginx, so this is the snippet that needs to be added to the site’s config file:
    ssl_prefer_server_ciphers on;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
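The following Python audit is an example added to this post, not the author's code. It parses the ssl_protocols and ssl_ciphers directives above and lists the protocol versions and cipher components that current standards deprecate. The function names, the lookup tables and the trimmed comparison config are assumptions made for this example.

```python
import re

# ssl_protocols and ssl_ciphers values copied from the post above.
PAGE_CONFIG = """
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
"""

# Constructed comparison input: the same string with the flagged items removed.
TRIMMED_CONFIG = """
ssl_protocols TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
"""

DEPRECATED_PROTOCOLS = {
    "SSLv2": "prohibited by RFC 6176",
    "SSLv3": "prohibited by RFC 7568 (POODLE)",
    "TLSv1": "deprecated by RFC 8996",
    "TLSv1.1": "deprecated by RFC 8996",
}
WEAK_CIPHER_PARTS = {
    "3DES": "64-bit block cipher (Sweet32 birthday attack)",
    "RC4": "prohibited by RFC 7465",
}

def parse_ssl_directives(config_text):
    """Return {name: value} for each ssl_* directive that is not commented out.
    If a directive repeats, the last occurrence wins."""
    pairs = re.findall(r"^[ \t]*(ssl_\w+)\s+([^;]+);", config_text, re.M)
    return {name: " ".join(value.split()) for name, value in pairs}

def audit_tls_config(config_text):
    """Return (kind, item, reason) tuples for deprecated protocols and ciphers."""
    directives = parse_ssl_directives(config_text)
    findings = []
    for proto in directives.get("ssl_protocols", "").split():
        if proto in DEPRECATED_PROTOCOLS:
            findings.append(("protocol", proto, DEPRECATED_PROTOCOLS[proto]))
    for token in directives.get("ssl_ciphers", "").split(":"):
        if token.startswith(("!", "-")):
            continue  # "!" and "-" remove ciphers from the list, so nothing is enabled
        for part in token.split("+"):
            if part in WEAK_CIPHER_PARTS:
                findings.append(("cipher", token, WEAK_CIPHER_PARTS[part]))
    return findings

if __name__ == "__main__":
    for kind, item, reason in audit_tls_config(PAGE_CONFIG):
        print(f"{kind:8} {item:10} {reason}")
```
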
For more info about this issue, check out this post: Hardening Your Web Server’s SSL Ciphers