We are running Octopus (v2018.3.8) on a Windows Server 2012 R2 (fully patched) with the web portal binding configured over https (using an AlphaSSL certificate)
All is working fine, however, Chrome (v66.0.3359.181) reports this:
“The connection to this site uses TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_256_CBC with HMAC-SHA1 (an obsolete cipher).”
From Googling around its looks like modern ciphers (like ECDHE/GCM) are not supported pre IIS10 (Win 2016), but I don’t think Octopus GUI is using IIS?
So, my question is: How can I configure the Octopus Web Portal’s ciphers to prevent Chrome reporting “an obsolete cipher”.