Pages

Wednesday, October 21, 2020

Browsing a Citrix ADC / NetScaler published Exchange OWA displays the warning message: Your connection is not fully secure Your connection is not fully secure NET::ERR_SSL_OBSOLETE_VERSION

Problem

You’ve received reports that browsing a Citrix ADC / NetScaler published Exchange OWA displays the following warning message in Chrome and Edge Chromium:

Google Chrome

Your connection is not fully secure

This site uses an outdated security configuration, which may expose your information (for example, passwords, messages, or credit cards) when it is sent to this site.

NET::ERR_SSL_OBSOLETE_VERSION

image

image

Edge Chromium

Your connection isn't secure

This site uses an outdated security configuration that might expose your personal information when it's sent to this site (for example, passwords, messages, or credit cards).

NET::ERR_SSL_OBSOLETE_VERSION

image

It is possible to proceed in both browsers but a Not secure message will be displayed in the address bar:

image

Solution

One of the reasons why this warning message would be displayed is because Google Chrome 72 and later versions have deprecated support for legacy TLS versions, which include TLS 1.0 and 1.1. If the Load Balancing Virtual Server for the Exchange OWA configured on Citrix ADC / NetScaler has only TLS 1.0 and TLS 1.1 enabled as shown in the screenshot below then the warning message above will be displayed:

image

To correct the issue, simply enable TLSv12 in addition to TLSv1, TLSv11:

image

Or just enable TLSv12 if there are no legacy devices with browsers accessing the website (those should be upgraded if they exist):

image

Once updated, the site should load and the Security tab of Google Chrome’s Developer Tools should display a message indicating the site is using TLS 1.2:

image

No comments: