I am running some small websites which are served by Apache / Linux. Currently, I am trying to cut down the SSL configuration as far as possible to make it as secure as possible.
I have configured Apache so that it only allows TLS 1.2 and only ciphers with DHE or ECDHE key exchange. Firefox and Chrome in the newest versions (as per the time of this writing) perfectly connect to the websites on this server.
But Internet Explorer 11 (running under Windows 7 x64) in standard configuration is not able to connect to any of these websites. Wireshark captures show that the IE in its first client hello tries TLS 1.2, shows its ciphers to the server and so on, and that the server's answer is correct, including the cipher chosen.
Then, seemingly for no reason, IE restarts and sends a new client hello, this time using TLS 1.0, which of course fails and makes IE think that it can't connect to the website.
Could there be a bug in IE which makes it try the wrong protocol after the right protocol already has been successfully established? A bug which possibly only occurs if the server ONLY provides TLS 1.2 (which is probably quite uncommon)?
Best Answer
Check whether you are using an MD5 certificate or not, since Internet Explorer 9/10/11 and Edge abort the connection if the server provides a certificate chain which uses MD5 algorithm, as mentioned at the end of this blog:
Searching with the keyword
md5 tls1.2reveals this blog post TLS 1.2 handshake failure which describes the same problem in more details. Basically, according to RFC5246 The Transport Layer Security (TLS) Protocol Version 1.2, MD5 is no longer considered a secured hash function, soschannel.dllfollows the RFC and reject MD5 certificate chain.While I understand the rationale, it would have been easier to troubleshoot if the error message had been more specific. Therefore, I have filed an issue to the bug tracker.
Swapping in a SHA-2561 certificate should resolve the problem.
1 SHA-1 would also work, but it is no longer recommended