
Safari can't establish secure connection - but site works on all other browsers

Comments

6 comments

  • GOT
    Older versions of Safari do not support TLS 1.2, which is the default on new servers.
    0
  • cPanelLauren
    @GOT is correct; this is essentially the answer I would provide as well.
    0
  • coppertop
    So what would be my next step to ensure these students can access my site? Do I need to purchase a wildcard SSL?
    0
  • cPanelLauren
    No, as noted by @GOT:
    "Older versions of Safari do not support TLS 1.2, which is the default on new servers."

    The article he sent actually references the following:
    "Note: Please note that certificates are not dependent on the protocols you have enabled or disabled, the protocols are determined by your server configuration and not by the certificates and will likely be managed by your server administrator or the appropriate IT staff within your organization."

    This clearly notes that the protocol is not dependent on the certificate. The deprecation notice is to explain which protocols are to be used on servers, primarily for PCI compliance standards. Sectigo/Comodo also announced something similar: "TLS 1.0 is no longer used to secure communications | PCI Compliance".

    This is essentially a decision you need to make as a provider - do you force them to use a different browser for the sake of security, or do you allow older/potentially insecure protocols? The decision is up to you, but in order to allow compatibility with older versions of Safari you need to allow TLSv1.0, which personally I would not do, but that's my 2 cents. A more informative article from GlobalSign that details the security risk of allowing TLS v1.0 can be found here: "It's Time to Disable TLS 1.0 (and All SSL Versions) If You Haven't Already".

    To reiterate - this has absolutely nothing to do with your SSL certificate - it's specific to the protocols the server supports. It is also absolutely not advised to put your server at risk to allow these protocols as opposed to requiring your users to use a browser that supports a modern cryptographic protocol - keep in mind that SSLv1.0 was introduced in 1995.
    0
  • coppertop
    No, as noted by @GOT: The article he sent actually references the following: Which clearly notes that the protocol is not dependent on the certificate. The deprecation notice is to explain which protocols are to be used on servers primarily for PCI compliance standards. Sectigo/Comodo also announced something similar: It's Time to Disable TLS 1.0 (and All SSL Versions) If You Haven't Already To reiterate - this has absolutely nothing to do with your SSL certificate - it's specific to the protocols the server supports. It is also absolutely not advised to put your server at risk to allow these protocols as opposed to requiring your users to use a browser that supports a modern cryptographic protocol - keep in mind that SSLv1.0 was introduced in 1995

    Thank you for your insight!
    0
  • nosajix
    So does that mean that Google and apple.com use TLS 1.0, because their websites load no problem?
    0
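
One way to check which protocol versions a server actually accepts, since the thread's point is that this is a server setting and not a property of the certificate. This is an added example, not part of the original thread; the function names `probe`, `audit` and `legacy_enabled` are this example's own, and the host name is whatever server you administer.

```python
import socket
import ssl
import sys
import warnings

VERSIONS = {  # oldest first
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
LEGACY = ("TLSv1.0", "TLSv1.1")  # deprecated; the thread is about TLSv1.0

def probe(host, port, name, timeout=5.0):
    """Offer exactly one protocol version; return accepted/rejected/unreachable."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Probe only, no data is sent: the certificate is ignored on purpose,
    # since the protocol version is negotiated independently of it.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with raw, warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = VERSIONS[name]
            ctx.maximum_version = VERSIONS[name]
            with ctx.wrap_socket(raw, server_hostname=host):
                return "accepted"
    except (OSError, ValueError):
        # Handshake refused or timed out. For TLSv1.0/1.1 the refusal can
        # also come from the probing machine's own OpenSSL policy.
        return "rejected"

def audit(host, port=443):
    """Probe every version separately and map version name -> outcome."""
    return {name: probe(host, port, name) for name in VERSIONS}

def legacy_enabled(results):
    """Deprecated versions that the server accepted."""
    return [name for name in LEGACY if results.get(name) == "accepted"]

if __name__ == "__main__":
    results = audit(sys.argv[1])  # hostname of a server you administer
    print(results, "legacy enabled:", legacy_enabled(results) or "none")
```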
