Problem
You’ve received reports that browsing a Citrix ADC / NetScaler published Exchange OWA displays the following warning message in Chrome and Edge Chromium:
Google Chrome
Your connection is not fully secure
This site uses an outdated security configuration, which may expose your information (for example, passwords, messages, or credit cards) when it is sent to this site.
NET::ERR_SSL_OBSOLETE_VERSION
Edge Chromium
Your connection isn't secure
This site uses an outdated security configuration that might expose your personal information when it's sent to this site (for example, passwords, messages, or credit cards).
NET::ERR_SSL_OBSOLETE_VERSION
It is possible to proceed in both browsers but a Not secure message will be displayed in the address bar:
Solution
One of the reasons why this warning message would be displayed is because Google Chrome 72 and later versions have deprecated support for legacy TLS versions, which include TLS 1.0 and 1.1. If the Load Balancing Virtual Server for the Exchange OWA configured on Citrix ADC / NetScaler has only TLS 1.0 and TLS 1.1 enabled as shown in the screenshot below then the warning message above will be displayed:
To correct the issue, simply enable TLSv12 in addition to TLSv1, TLSv11:
Or just enable TLSv12 if there are no legacy devices with browsers accessing the website (those should be upgraded if they exist):
Once updated, the site should load and the Security tab of Google Chrome’s Developer Tools should display a message indicating the site is using TLS 1.2:
No comments:
Post a Comment