<div dir="ltr">Rob,<div><br></div><div>Chrome is flagging this, and given the error (I've attached a copy) its probably due to the cipher suite (possibly specifically that it uses SHA1).  This article has more details and is consistent with what we're seeing:</div><div><br></div><div><a href="http://security.stackexchange.com/questions/83831/google-chrome-your-connection-to-website-is-encrypted-with-obsolete-cryptograph">http://security.stackexchange.com/questions/83831/google-chrome-your-connection-to-website-is-encrypted-with-obsolete-cryptograph</a><br></div><div><br></div><div>We've also seen similar issues come up with other applications during penetration scans (e.g., Qualys) which is why I've noted it here.</div><div><br></div><div>Thanks,</div><div><br></div><div>Jeff</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><span style="font-family:Arial,sans-serif">Jeff Hallyburton</span><span style="font-size:10pt;font-family:Arial,sans-serif"><br></span><span style="font-size:10pt;font-family:Arial,sans-serif">Strategic Systems Engineer<br><span style="background-image:initial;background-repeat:initial">Bloomip Inc.</span></span><span><span style="font-size:10pt;font-family:Arial,sans-serif"><br><span style="background-image:initial;background-repeat:initial">Web: </span></span><a href="http://www.bloomip.com/" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:10pt;font-family:Arial,sans-serif;background-image:initial;background-repeat:initial">http://www.bloomip.com</span></a><span style="font-size:10pt;font-family:Arial,sans-serif"><br><br><span style="background-image:initial;background-repeat:initial">Engineering Support: </span></span><a href="mailto:support@bloomip.com" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:10pt;font-family:Arial,sans-serif;background-image:initial;background-repeat:initial">support@bloomip.com</span></a><span style="font-size:10pt;font-family:Arial,sans-serif"><br><span style="background-image:initial;background-repeat:initial">Billing Support: </span></span><a href="mailto:billing@bloomip.com" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:10pt;font-family:Arial,sans-serif;background-image:initial;background-repeat:initial">billing@bloomip.com</span></a><span style="font-size:10pt;font-family:Arial,sans-serif"><br><span style="background-image:initial;background-repeat:initial">Customer Support Portal:  </span></span><a href="http://my.bloomip.com/" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:10pt;font-family:Arial,sans-serif;background-image:initial;background-repeat:initial">https://my.bloomip.com</span></a></span><span style="font-size:10pt;font-family:Arial,sans-serif"><br></span></div></div></div>
<br><div class="gmail_quote">On Fri, Jan 29, 2016 at 2:36 PM, Rob Crittenden <span dir="ltr"><<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Jeff Hallyburton wrote:<br>
> Hi,<br>
><br>
> We're also seeing that the free-ipa web-portal is using TLS 1.2 by<br>
> default, which is being flagged as insecure / obsolete.  This also seems<br>
> to be causing some clients (some instances of Chrome) to fail logins:<br>
><br>
> [Fri Jan 29 18:34:26.638350 2016] [:error] [pid 6603] SSL Library Error:<br>
> -12286 No common encryption algorithm(s) with client<br>
><br>
><br>
> What do we need to do to update this to TLS 1.3?<br>
<br>
</span>TLS 1.2 insecure/obsolete? Flagged by what? Need more info on what the<br>
handshake looks like and what the server configuration is.<br>
<br>
AFAIK 1.3 is still in draft form.<br>
<span class="HOEnZb"><font color="#888888"><br>
rob<br>
</font></span></blockquote></div><br></div>