SSL Errors on iOS

https ssl apple-ios namecheap

My website https://bitmagi.com is failing to load for iOS users at a pretty high rate. Most people are getting the "..could not establish a secure connection..." error. I bought a cheapo positivessl cert from namecheap not sure if that is the issue. I had a support chat with namecheap last night and they said everything is configured correctly on my end. When I test my site through ssllabs.com it shows that iOS is passing:
https://www.ssllabs.com/ssltest/analyze.html?d=bitmagi.com&s=45.79.3.6

I can't figure out what the heck is going on.

debian stretch 9.13 nginx 1.10.3


Solution 1:

I fixed this based off the suggested link from @MichaelHampton: https://ssl-config.mozilla.org/

The specific lines that fixed it were:

ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

Related

Server Reached MaxRequestWorkers Setting
how does isc-dhcp-server start on debian 10 with systemd
nginx detecting dead clients
Block all outgoing ssh traffic
Docker change existing stack to start with user namespace but keep images, volumes and containers
How to generate CSR for multi-domain (UCC) purchased SSL certificate?
How to use literal "." in Apache VirtualDocumentRoot
Can't access SSH after run iptables -P OUTPUT DROP
How to allow an SCP client to change file mod time without being the owner
Why is Apache trying to kill a process on startup and why would that cause a failure for Apache to start?
PHP fsockopen giving error with SSL
Time changes by one hour while rebooting RHEL8 Linux server