SSL certificate showing Obsolete connection settings after renewal

anil jain

Dec 22, 2017, 9:09:18 AM
to Google App Engine
Hello,

Just a few weeks back I renewed my SSL certificate for my Windows Server 2008 R2.
To renew the SSL certificate I generated a CSR through my IIS and then purchased an SSL certificate from Symantec. Once I received the certificate from Symantec, I installed it on my IIS, and when I checked on my domain site it's showing as below.

This page is secure (valid HTTPS).
 
Valid certificate
The connection to this site is using a valid, trusted server certificate issued by DigiCert SHA2 Secure Server CA.

Obsolete connection settings
The connection to this site uses TLS 1.2 (a strong protocol), ECDHE_RSA with P-384 (a strong key exchange), and AES_256_CBC with HMAC-SHA1 (an obsolete cipher).

Why is it showing "Obsolete connection settings"?

I googled it and tried with IISCrypto but it's still showing the same. Please help me with this.

Thanks
Anil

George (Cloud Platform Support)

Dec 22, 2017, 3:54:17 PM
to Google App Engine
On your server, you might have a version of OpenSSL that was compiled without support for ECC (and thus ECDHE). You can run nmap --script ssl-enum-ciphers -p 443 name-of-your-site to see what ciphers are supported on your server, and in which order. For more detail you may read the preferred answer to the "Apache SSL: 'an obsolete key exchange (RSA)'" question on Stack Overflow.
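
An added example, not part of the original thread: a small Python parser for the output of the nmap ssl-enum-ciphers command mentioned in the reply above. It reports which TLS 1.2 suite a server-preference host lists first and whether that suite is AEAD (GCM, CCM, ChaCha20-Poly1305) or a CBC/HMAC-SHA1 suite like the one the browser flagged in the question. The sample output and all function names are constructed for illustration.

```python
import re
# Constructed sample of `nmap --script ssl-enum-ciphers -p 443 <host>` output.
SAMPLE = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     cipher preference: server
|_  least strength: C
"""

PROTO = re.compile(r"^\|[ _]+((?:SSLv|TLSv)[\d.]+):")   # e.g. "|   TLSv1.2:"
SUITE = re.compile(r"^\|[ _]+(TLS_\w+)")                # e.g. "|       TLS_..."
PREF = re.compile(r"cipher preference: (\w+)")
AEAD = ("_GCM_", "_CCM", "CHACHA20_POLY1305")           # AEAD markers in suite names

def parse(text):
    """Return {protocol: {"suites": [names in listed order], "preference": str}}."""
    result, current = {}, None
    for line in text.splitlines():
        if m := PROTO.match(line):
            current = result.setdefault(m.group(1), {"suites": [], "preference": None})
        elif current is not None and (m := SUITE.match(line)):
            current["suites"].append(m.group(1))
        elif current is not None and (m := PREF.search(line)):
            current["preference"] = m.group(1)
    return result

def is_aead(suite):
    return any(tag in suite for tag in AEAD)

def audit(text, proto="TLSv1.2"):
    """Summarise the first-listed suite for proto and the AEAD suites on offer."""
    info = parse(text).get(proto, {"suites": [], "preference": None})
    suites = info["suites"]
    return {
        "first": suites[0] if suites else None,  # preferred only if preference == "server"
        "first_is_aead": bool(suites) and is_aead(suites[0]),
        "aead_offered": [s for s in suites if is_aead(s)],
        "preference": info["preference"],
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

When `first_is_aead` is false but `aead_offered` is non-empty, the fix is a reordering of the server's cipher suite list; when `aead_offered` is empty, the server has no AEAD suite enabled for that protocol.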