Unsafe TLS Message

Roxzfr · April 16, 2019, 7:04am

I am not sure is this is the right category; however, my client has suddenly started receiving the following message when trying to access her CMS site

This site can’t provide a secure connection

1drv.ms uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Hide details

Unsupported protocol

The client and server don’t support a common SSL protocol version or cipher suite.

and

Can’t connect securely to this page

This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner

This is the share link:-
https://preview.webflow.com/preview/beverston-parish?utm_source=beverston-parish&preview=5bbd6eb9ca37a4c35e00ca8f36f5fbbc

Would really appreciate some help, she is only getting the message on her Webflow site,

webdev · April 16, 2019, 1:07pm

Please provide the published URL for review.

Roxzfr · April 16, 2019, 1:40pm

Hello @webdev

Many thanks

webdev · April 16, 2019, 1:55pm

Your site is running a valid SSL certificate.

Common Name = www.beverstonparishcouncil.org.uk

Subject Alternative Names = www.beverstonparishcouncil.org.uk
Issuer = Let’s Encrypt Authority X3
Serial Number = 0311DACF2566CEC1C585AE3CDDD11277BD78
SHA1 Thumbprint = A95A50F6C0D923C4ED435058E36758D36A9DF6F3
Key Length = 2048
Signature algorithm = SHA256 + RSA (excellent)
Secure Renegotiation: Supported

1dtv.ms is the Microsoft OneDrive share URL that use used when you share links via Onedrive. This obviously is not the URL of your site. You might want to have the user provide more info or …

Roxzfr · April 16, 2019, 1:57pm

Thank you @webdev, what type of information should I ask for?

webdev · April 16, 2019, 2:05pm

Confirm the correct URL is loaded in the browser, identify the the OS, browser, and browser version. Have the user visit the site in Incognito mode with NO browser extensions to see if the same occurs. Check the DNS settings if a redirect is happening. If DNS is poisoned then recommend using 1.1.1.1 Cloudflare DNS → https://1.1.1.1 for primary DNS if possible (I would use it anyway).

I suspect a client issue.

Roxzfr · April 16, 2019, 2:09pm

I agree a client issue - which I still have to solve. I use Webflow hosting and it looks ok - what do you mean by poisoned? It looks OK when I check it?

webdev · April 16, 2019, 2:16pm

The reference means a non authoritative IP address is returned by the DNS query, which is made against a non authoritative DNS server. This can happen on compromised machines. Not saying that is the case, but it is a possibility.

If the client visits the site, they should be able to inspect the certificate. It should show the data I posted. If it does not, then a game is afoot.

Roxzfr · April 16, 2019, 2:23pm

Sorry for being stupid - this is all new to me. I don’t really understand, how will the client inspect the certificate?

webdev · April 16, 2019, 2:41pm

With most browsers you click on the lock icon next to the URL in the browser address bar.

Identifying client network, hardware, or OS issues is a can of worms best avoided by a designer.

This really has nothing to do with webflow or you, unless you provide IT support on machines. I would suggest deferring to a computer / network tech.

Roxzfr · April 16, 2019, 2:59pm

Thank you @webdev

I am keen to try and fix it., but no I certainly do not provide support - hardware is not my thing!

cyberdave · April 17, 2019, 8:44am

Hi @Roxzfr, thanks for your post. The connection to the custom domain hosted in Webflow is secure:

https://cl.ly/8da0e3bfe395/Image%2525202019-04-17%252520at%25252011.38.48%252520AM.png

This domain from the error message is not hosted in Webflow, as mentioned it looks like OneDrive, but I would still not click any suspicious url.

Roxzfr · April 17, 2019, 8:46am

Thanks @cyberdave - appreciated.