ERR_SSL_OBSOLETE_VERSION — Chrome 84+ (July 2020) blocks HTTPS connections to servers supporting only TLS 1.0 or 1.1. Causes: old nginx/Apache, legacy IIS 7, embedded devices. Fix: enable TLS 1.2+1.3, disable 1.0 and 1.1. 10 minutes of work on a modern server.
This error blocks HTTPS access. Below: causes, fixes, working config, FAQ.
Free online tool — SSL certificate checker: instant results, no signup.
ssl_protocols TLSv1.2 TLSv1.3; (do not include TLSv1 and TLSv1.1)SSLProtocol -all +TLSv1.2 +TLSv1.3apt update && apt upgrade openssl libssl-devnginx -V 2>&1 | grep -i sslnginx -t && systemctl reload nginxThe ERR_SSL_OBSOLETE_VERSION error occurs when a web browser attempts to connect to a server using outdated TLS protocols, specifically TLS 1.0 or 1.1. To resolve this issue, ensure your server is configured to support TLS 1.2 or higher, as these versions are more secure and widely accepted by modern browsers. Check your server's SSL/TLS settings and update as necessary to avoid this error.
The ERR_SSL_OBSOLETE_VERSION error indicates that a client (usually a web browser) is trying to connect to a server that only supports outdated versions of the Transport Layer Security (TLS) protocol. TLS 1.0 and TLS 1.1 have been deemed insecure due to various vulnerabilities, including the POODLE attack and BEAST attack, which exploit weaknesses in these older protocols. As of June 30, 2020, major browsers such as Chrome, Firefox, and Edge have deprecated TLS 1.0 and TLS 1.1, meaning that any site relying on these protocols will be flagged as insecure.
For web administrators and developers, it is crucial to understand the implications of this error. When users encounter ERR_SSL_OBSOLETE_VERSION, they are unable to access your site, which can lead to decreased traffic and trust. Furthermore, many compliance standards, such as PCI DSS, require the use of secure protocols, making it essential for businesses to maintain up-to-date security practices.
To diagnose the issue, you can use tools like SSL Labs' SSL Test, which provides a detailed report on your server's SSL/TLS configuration. This can help identify which versions of TLS are supported and whether any cipher suites are outdated.
To resolve the ERR_SSL_OBSOLETE_VERSION error, follow these steps to reconfigure your server to support only secure TLS versions (1.2 and above):
Depending on your server, the configuration steps will vary:
/etc/httpd/conf.d/ssl.conf or /etc/apache2/sites-available/default-ssl.conf./etc/nginx/nginx.conf or a site-specific configuration file in /etc/nginx/sites-available/.In your server configuration, specify the supported TLS versions. Here’s an example configuration for both Apache and Nginx:
# Apache ConfigurationSSLProtocol -all +TLSv1.2 +TLSv1.3# Nginx Configurationssl_protocols TLSv1.2 TLSv1.3;Ensure that TLS 1.0 and TLS 1.1 are explicitly disabled. This can be done by including the following lines in your configuration:
# ApacheSSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1# Nginxssl_protocols TLSv1.2 TLSv1.3;After making the changes, restart your web server:
# Apachesudo systemctl restart apache2# Nginxsudo systemctl restart nginxFinally, retest your configuration using the SSL Labs' SSL Test to ensure that your server is now compliant with modern security standards and no longer presents the ERR_SSL_OBSOLETE_VERSION error.
SSL/TLS is the encryption protocol that protects data between the browser and server. Our tool analyzes the certificate, chain of trust, TLS version, and knownvulnerabilities.
Issuer, validity period, signature algorithm, covered domains (SAN), and validation type (DV/OV/EV).
Full chain verification: from leaf certificate through intermediates to root CA.
Protocol version (TLS 1.2/1.3), cipher suites, Perfect Forward Secrecy (PFS) support.
Set up a monitor — get Telegram and email alerts 30/14/7 days before expiration.
SSL certificate monitoring
TLS config audit
HTTPS as ranking factor
customer trust
www and subdomains.Strict-Transport-Security header forces browsers to always use HTTPS.SSL certificate monitoring, check history and alerts 30 days before expiry.
Sign up freeChrome 84 (July 2020), Firefox 78 (July 2020), Edge 84, Safari 14 (September 2020). By 2026 all modern browsers.
Android < 5.0 cannot do TLS 1.2. Two options: keep a parallel subdomain with TLS 1.0 (DANGEROUS) or drop those clients. In 2026 it's <0.5% of traffic.
No. Put the device on a separate VLAN without internet and talk to it via TLS 1.0 internally, but your public site — TLS 1.2+1.3 only.
<a href="/en/ssl">Enterno SSL</a> or in shell: <code>openssl s_client -connect example.com:443 -tls1_2</code>.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.