SSL Problem in some old PC

my site has the problem in some old PC in Win 7 Google Chrome (see below):

but some PC won’t have the problem.

Could you please solve it urgently? I am Cloudflare Pro account!

When we test the SSL, it showed the below “Handshake Simulation” our site has failed on some old device such as:

  1. Android 2.3.7 No SNI 2 Server sent fatal alert: handshake_failure​​​​​​​
  2. IE 8 / XP No FS 1 No SNI 2 Server sent fatal alert: handshake_failure
  3. Java 6u45 No SNI 2 Server sent fatal alert: handshake_failure

That’s mean Cloudflare don’t support any IE8 visit our website, but many our customers from developing coutries, we have lost about 15% visit yesterday

I sent ticket to cloudlfare support but without any reply, I also try to buy Cloudflare Pro and Advanced Certificate SSL DigiCert, it still can’t solve. Why Cloudflare no support? so disappoint

The problem happend story like this: before 7th July, all our company PC can visit our site without problem. on 8th July, I upgrade Cloudflare from free to pro (Cloudflare re-issue our free SSL automatic when I upgrade Cloudflare from free to pro), then some of our company old PC IE8 in google newest chrome can’t visit but some of other PC can visit without problem.

Then I use ssllabs to test our SSL and found it was IE8 SNI can’t shakehands with Cloudflare new issued SSL, but Cloudflare old SSL can support and all IE8 can visit our site.

Is it IE8 or Chrome? I’m guessing that customers who can’t access your website may be located in mainland China.

I just visited your website using a Windows 7 with IE8 installed and your website’s SSL works perfectly despite serving with an RSA certificate. But this specific Windows 7 has the latest update, so most likely your problem is not reproduced.

You could try Chromium based browsers like 360 (seems to be used by a lot of Chinese customers), they usually manage their own list of root certificates. In the event that your clients cannot/don’t want to upgrade their OS, The only thing you can do probably is have the client use a different browser.

After I learned from this page:

I just spent 10$ to Upgrade to Cloudflare Advanced Certificate Management (ACM), now the site can be visited in my old PC IE8 broswer.

But 10$/month is too expensive, according to the above link, we also have solution one to ask Cloudflare to switch my Cloudflare Universal SSL edge certificates from Letsencypt CA provided to Digicert CA provided SSL certificates? Are you from Cloudflare? If it is, could you please help switch? Thanks!

I’m not a Cloudflare staff.

When exactly did you deploy Advanced certificates?

When I visited your website a few hours ago, I believe your website’s CA was not Let’s encrypt.

edit: If you are sure about site’s CA, why don’t you try option three?

PS: I’m not from Cloudflare too.

2 Likes

many thanks. It clearly that my site was working good: all old PC broswer can visit our website. Only after 7th July when Cloudflare issued new SSL certificate automatic, then the old PC broswer can’t visit. I want to switch the SSL certificate to the one before 7th July, after I check the SSL history and found below:

Do you know this is from Digicert or other brand SSL?

Actually, I am not IT guys and don’t know how to write API, is it possible for me write a ticket to ask Cloudflare to switch to 5th July 2022 SSL? Thanks!

Please open a ticket via email. support AT cloudflare DOT com
You can also post the ticket number here, someone may push it to Support for you.

Thanks. I already submit the ticket #2499996, please push if possible, have a nice day!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.