XF 2.1 Forum not working in safari for one user

[Mr Lucky]

OK, so this seems to be only one user who is saying my forum at https://logic-users-group.com is not opening in safari.

It works fine for him on other browsers, and works fine for others on safari.

running OS X Yosemite 10.10.5 and Safari 10.1.2. I've tried clearing the cache, cookies, disabling extensions, restarting my wifi, and resetting the DNS servers. It seems like an encryption issue? I'm also unable to see a certificate for the site in Keychain Access.

Any idea what might be going on here?

 

[HWS]

Your site works well with most recent Safari.

SSL Server Test: logic-users-group.com (Powered by Qualys SSL Labs)

As you can see, the browser needs to support SNI to access your site. Your site seems to share it's ip address with other sites.

 

[BassMan]

Maybe he's using a VPN. Not sure why, but I know sometimes that issue can occur (haven't seen any for XenForo, though, but just a thought of what might be).

 

[bzcomputers]

To support some older versions of Safari and IE you would need add a couple more ciphers.

Test adding these two:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (should cover all older versions of Safari)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (covers some older versions of IE11)

Be aware these are slightly weaker ciphers than you will find on a default cPanel config. You can always test to see if the issue goes away and switch back easily if you don't think the slight security risk increase is worth it for one user on one device.

 

[Mr Lucky]

To support some older versions of Safari and IE you would need add a couple more ciphers.

Test adding these two:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (should cover all older versions of Safari)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (covers some older versions of IE11)

Be aware these are slightly weaker ciphers than you will find on a default cPanel config. You can always test to see if the issue goes away and switch back easily if you don't think the slight security risk increase is worth it for one user on one device.

OK thanks, this looks like the same issue I have had with old IE users then, It is shared hosting with @MattW and I'm sure (quite rightly) he won't compromise the security of the server on shared hosting so I'll tell the user he just has to update.

 

[bzcomputers]

OK thanks, this looks like the same issue I have had with old IE users then, It is shared hosting with @MattW and I'm sure (quite rightly) he won't compromise the security of the server on shared hosting so I'll tell the user he just has to update.

They are still TLS 1.2 ciphers just slightly weaker than the standard ones for compatibility reasons with some older browsers.

Currently your site looks like this:


adding those 2 ciphers would eliminate your handshake failures for those old browsers:

 

[Paul B]

It's the same issue you posted about here: https://xenforo.com/community/threads/internet-explorer-11-issue.173520/#post-1390443

 

[Mr Lucky]

It's the same issue you posted about here: https://xenforo.com/community/threads/internet-explorer-11-issue.173520/#post-1390443

Yes I just realised that thanks to bzcomputers, though I did not think it would also apply to Safari 10.