HTTPS: Fix Browser Protocol/Cipher Display

TL;DR

Your browser isn’t showing HTTPS protocol details because of a misconfiguration on your server, an outdated browser, or caching issues. This guide helps you diagnose and fix it.

1. Check Your Certificate Installation

  1. Verify the certificate is correctly installed: Use an online SSL checker tool (like SSL Shopper or DigiCert’s Checker) to confirm your certificate is valid, not expired, and covers your domain name (including any subdomains).
  2. Check the chain of trust: Ensure you have installed the intermediate certificates *as well as* your main certificate. Most Certificate Authorities (CAs) provide a bundle containing both. Without intermediates, browsers can’t verify the full chain back to a trusted root CA.

2. Server Configuration – Common Issues

The most common cause is incorrect server configuration. The steps vary depending on your web server.

Apache

  1. Check Virtual Host: Ensure your HTTPS virtual host file (usually in /etc/apache2/sites-available/) points to the correct certificate and key files.
  2. SSLCertificateChainFile: Make sure you have a line like this, pointing to your intermediate certificate bundle. On Apache 2.4.8 and later this directive is deprecated; append the intermediate certificates to the file named by SSLCertificateFile instead.
    SSLCertificateChainFile /path/to/your/intermediate_bundle.pem
  3. Restart Apache: After making changes, restart the server:
    sudo systemctl restart apache2

Nginx

  1. Check Server Block: Verify your HTTPS server block (usually in /etc/nginx/sites-available/) is configured correctly.
  2. ssl_certificate & ssl_certificate_key: Ensure these directives point to the correct certificate and key files.
    ssl_certificate /path/to/your/certificate.pem;
    ssl_certificate_key /path/to/your/private.key;
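  3. ssl_trusted_certificate: Nginx does not send the certificates in this file to clients; it uses them to verify OCSP responses when stapling is enabled. For browsers to receive the full chain, the file named by ssl_certificate must contain your certificate followed by the intermediate certificate(s). Point ssl_trusted_certificate at the intermediate bundle as well: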
    ssl_trusted_certificate /path/to/your/intermediate_bundle.pem;
  4. Restart Nginx: Restart the server after changes:
    sudo systemctl restart nginx

Other Servers (IIS, etc.)

Consult your server’s documentation for instructions on installing and configuring SSL certificates. Pay close attention to intermediate certificate requirements.

3. Browser Compatibility

  1. Outdated Browsers: Very old browsers may not support modern TLS protocols or cipher suites. Encourage users to upgrade to a current browser version (Chrome, Firefox, Edge, Safari).
  2. Browser Settings: Rarely, browser settings might be interfering. Try resetting your browser’s security settings to their defaults as a test (be careful when doing this!).

4. Caching Issues

  1. Browser Cache: Clear your browser’s cache and cookies completely.
  2. Server-Side Cache: If you use server-side caching (e.g., Varnish, Redis), clear that cache as well.

5. Check TLS Configuration

Your server needs to be configured to support modern TLS protocols and strong cipher suites.

  1. Use a TLS checker: Tools like TestSSL.sh can analyze your server’s TLS configuration and identify weaknesses or unsupported features.
  2. Enable TLS 1.2 & 1.3: Disable older protocols (TLS 1.0, TLS 1.1) as they are insecure.
  3. Strong Cipher Suites: Configure your server to use strong cipher suites. Avoid weak or deprecated ciphers.
    # Example Nginx configuration snippet
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256';
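The protocol and cipher checks in this section can be run against a configuration file before it is deployed. The following is an added example, not part of the original guide: it audits the ssl_protocols and ssl_ciphers directives of an Nginx config and flags legacy protocols and non-AEAD suites. The sample config is constructed (only its ssl_ciphers value comes from the snippet above), and the helper names are hypothetical. It assumes ssl_ciphers lists explicit suite names rather than keywords such as HIGH.

```python
import re

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Substrings of OpenSSL suite names that mark weak or deprecated ciphers.
WEAK_TOKENS = ("RC4", "DES-CBC", "MD5", "NULL", "EXP")

# Constructed sample: the ssl_ciphers value is the one shown in the guide,
# the ssl_protocols line is invented for this demonstration.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256';
}
"""

def directive(conf, name):
    """Return the argument of the first `name ...;` directive, or None."""
    m = re.search(r"^\s*" + re.escape(name) + r"\s+([^;]+);", conf, re.MULTILINE)
    return m.group(1).strip().strip("'\"") if m else None

def classify_cipher(suite):
    """Classify one OpenSSL cipher-suite name (TLS 1.2 and earlier)."""
    if any(tok in suite for tok in WEAK_TOKENS):
        return "weak"
    if not suite.startswith(("ECDHE-", "DHE-")):
        return "no-forward-secrecy"   # static RSA key exchange
    if any(mode in suite for mode in ("GCM", "CHACHA20", "CCM")):
        return "aead"
    return "cbc"                      # e.g. ECDHE-RSA-AES256-SHA384 is AES-CBC + HMAC

def audit(conf):
    """Return a list of findings for the TLS directives in an Nginx config."""
    findings = []
    protocols = directive(conf, "ssl_protocols")
    if protocols is None:
        findings.append("ssl_protocols not set: the nginx version default applies")
    else:
        for proto in sorted(set(protocols.split()) & LEGACY_PROTOCOLS):
            findings.append(f"legacy protocol enabled: {proto}")
    ciphers = directive(conf, "ssl_ciphers") or ""
    for suite in filter(None, ciphers.split(":")):
        if suite.startswith("!"):     # exclusion entries such as !aNULL
            continue
        kind = classify_cipher(suite)
        if kind != "aead":
            findings.append(f"{kind} cipher suite: {suite}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

Run on the sample, it reports the two legacy protocols and the four CBC-mode suites at the end of the guide's cipher list; the four GCM suites pass.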

6. OCSP Stapling

While not directly related to displaying protocol information, enabling OCSP stapling can improve performance and security. Check your server documentation for instructions.
