Windows XP Google Chrome unable to get avatar from

(Admir Hodzic) #1

Our forum is on standard docker update.
We using letters avatar whit default values for external system avatars url{first_letter}/{color}/{size}.png

Since we updated to 1.5.0.beta2 users on WinXP using Google chrome start compaling that they can’t see avatars icons anymore. (Before version 1.5 it worked OK)

Here is what we get on Widonws XP Google Chrome 45.0.2454.101 m (is up to date) when open any discource

When we call avatar ul we get error like this

We clound not reproduce this on FireFox

(Gerhard Schlager) #2

Windows XP isn’t supported anymore (unless you pay lots of :moneybag: to Microsoft). Either use Firefox, since it’s the only browser that doesn’t rely on the OS as much as the others do, or switch to a newer OS. If you stay with Windows XP you’ll start to see such problems more and more.

And here’s why you get that error. uses Cloudflare:

According to Symantec’s ECC PDF written on May 2013, WinXP IE as well as Chrome do not support ECC 256 bit. For WinXP only Firefox 19+ work with ECC 256 bit SSL certificates. Which would explain why, WinXP SP3 + Chrome 37 didn’t work with Cloudflare Universal SSL with ECC 256 bit ECDSA.

Quote from Cloudflare - SSL - Cloudflare Universal SSL incompatible with WinXP Internet Explorer <=8 browsers | Centmin Mod Community

(Admir Hodzic) #3

another work around is to delete S from:{first_letter}/{color}/{size}.png

Looks like is avaible whitout SSL using only HTTP protocol.

I apologize for the inconvenience due to spamming BUG category.
The solution that came to mind when I asked the question

(Sam Saffron) #4

We can see if we can buy a cert that supports older browsers for avatars

(Matt Palmer) #5

That will work if you never serve pages on your own site via HTTPS. Otherwise, you’ll get mixed content warnings.

It’s not (just) a certificate-level problem; the proximate issue (that Chrome is reporting in the screenshot above) is that WinXP only supports ye olde ciphers (how the data is encrypted/authenticated in transit) and Cloudflare isn’t supporting that (on our current plan, at least). Getting a compatible certificate might also be needed, but it won’t be enough to solve this problem.

(Rafael dos Santos Silva) #6

Proxying avatar requests through your nginx instance will work.

If your discourse nginx already trade security for Chrome@XP compatibility, by using http or old cyphers, use the open PR by @mpalmer to proxy.

However you can’t expect support on secure instances like here on meta.

(Jeff Atwood) #8

We plan to upload a different cert into our CloudFlare account to solve this.

(Jeff Atwood) #9