1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Cloudflare free SSL do not allow HTTPS access via old IE6 and Android 2.3.X

Discussion in 'Apache' started by postcd, Jun 29, 2016.

  1. #1
    I have free Comodo SSL certifficate from Cludflare and i cant access my website via https via Android 2.3.6 and also on Windows XP internet explorer. These are old apps, but still i think it is quite a issue.

    ssllabs.com/ssltest says following errors when i test my domain:
    Android 2.3.7 No SNI 2 Server sent fatal alert: internal_error
    IE 6 / XP No FS 1 No SNI 2 Server sent fatal alert: handshake_failure
    IE 8 / XP No FS 1 No SNI 2 Server sent fatal alert: internal_error
    SNI - Browser does not support Server Name Indication
    FS - Browser effectively does not support Forward Secrecy

    Please what do you suggest? I do not wish to purchase SSL. I see Lets Encrypt free SSL has A+ rating on this page: https://www.ssllabs.com/ssltest/analyze.html?d=minehub.de
    Free WoSign certifficate shows some mismatch error, but shows the https page.

    Is my only option to switch to other certificate authority? Which one will allow me to browser on IE6, IE8 and old Android as mentioned?
     
    Last edited: Jun 29, 2016
    postcd, Jun 29, 2016 IP
  2. billzo

    billzo Well-Known Member

    Messages:
    961
    Likes Received:
    278
    Best Answers:
    15
    Trophy Points:
    113
    #2
    Older browsers are not going to support the newer features like SNI. Other than browser sniffing and redirecting visitors with browsers that support those features to https, I don't know what you can do. I read the CloudFlare documentation regarding this issue and their only suggestion was to upgrade. So it doesn't look like you have much choice.
     
    billzo, Jun 29, 2016 IP
  3. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #3
    This has to do with non-supported modern SSL-versions in older apps. Either, as suggested, you'll have to put in some sort of redirect for these older browsers, or just inform them that they're part of the problem, and tell them to upgrade. Which they should, regardless. It's really unsafe surfing with those old setups, as there are plenty of unpatched security holes around, and they're just begging to be pwned by some scriptkiddie with too much free time.
     
    PoPSiCLe, Jul 1, 2016 IP
    postcd likes this.
  4. postcd

    postcd Well-Known Member

    Messages:
    1,037
    Likes Received:
    9
    Best Answers:
    1
    Trophy Points:
    190
    #4
    I think you are wrong. I mentioned already that minehub.de is accessible even via old apps/OS thanks to LetsEncrypt free SSL, but Cloudflare not which is bad i think. Seems i canot use free Cloudflare and my own SSL (letsencrypt) at same time, soo annoyed.
     
    postcd, Jul 2, 2016 IP