I have an ASP.NET application deployed in IIS on Windows Server 2012 R2, with an HTTPS binding configured. The SSL certificate is valid and up-to-date.
When connecting to the web site from multiple Windows 7 and Windows 10 clients with Chrome and Firefox, I always get
- ERR_SSL_VERSION_OR_CIPHER_MISMATCH on Chrome (version 67.0.3396.99)
- SSL_ERROR_NO_CYPHER_OVERLAP in Firefox (version 60.0.2)
… but it works like a charm on Internet Explorer and Edge!
There is no custom configuration on the server relating to SSL (SSL Cipher Suite Order: Not Configured).
Inspection with Wireshark reveals this:
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure).
Any idea?
Best Answer
Test your site on https://www.ssllabs.com/ssltest/. See what the handshake tests say
Use IISCrypto to tune your server removing the older weak protocols (SSL 2, SSL 3, TLS 1.0), make sure that current protocols are supported (TLS 1.2)
Remove the ciphers that are listed weak (RC2, RC4, 3DES, ect) and make sure current ciphers are supported (AES 128/256)