So I have the " ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY " Error in chrome and the only way to see the website is to use Safari… I’ve already cleared my cache so its not chrome…
How can i downgrade Nginx ?? Because that seems like the only viable option
Fixed the issue.
For future reference.
Use this command line
nano /var/www/yourdomain.com/conf/nginx/ssl.conf
Then delete http2.
Save.
Then restart Nginx. ee stack restart
@cktalon buddy I am facing the same error… There is no http2 line in my installation… Any help here would be appreciated…
When You type "nano /var/www/your-domain-name.com/conf/nginx/ssl.conf "
You don’t see the below lines ??
listen 443 ssl http2; ssl on; ssl_certificate /etc/letsencrypt/live/your-domain-name.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/your-domain-name.com/privkey.pem;
No… I see only ssl on; onwards…
I just resinstalled everything from scratch and now i could see http2 - Just removed that and everything is working fine. Thanks everyone…
Just to summarize: SSL ciphers was not the issue - I tried doing that - it broke the entire site. http2 was the real issue - but before 26th March, I have personally done 5 ee installs and it was never the issue.
Now the question for @admin @radhe @radhe83 is whether or not this configuration is secure or removing the http2 is simply a work around. Because this in its exact form is working on all my other sites installed before 26th March. Any answer to this will really be helpful.
Is there a proper solutions for this issue? Obviously, this workaround disables HTTP/2, which is hardly desirable. What’s the way to fix this such that HTTP/2 is supported?
Hello,
Yes, just replace the old ssl cipher suite currently used in nginx.conf with the command :
sed -i 's/ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHADHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!ECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;/ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;/' /etc/nginx/nginx.conf
thanks virtu!!!