Been having issues for a few days now, the server is fully up to date with Windows patches.
Using IIS Crypto is enabling TLS 1.0/1.1/1.2 and disabling SSL2/3
Removing as suggested by MS TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256
Cannot access https with IE/Firefox/Chrome
Chrome: Error code: ERR_CONNECTION_CLOSED Firefox: The connection was interrupted IE: This page can’t be displayed
An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
The following fatal alert was generated: 40. The internal error state is 1205.
ssllabs.com states that Protocol or cipher suite mismatch Fail (3)
Cipher Suites in use TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 521 bits (eq. 15360 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 521 bits (eq. 15360 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 521 bits (eq. 15360 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 521 bits (eq. 15360 bits RSA) FS 128 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits (p: 128, g: 128, Ys: 128) FS 256 TLS_RSA_WITH_RC4_128_SHA (0x5) 128
1# If I enable SSL3 I can access https via IE/Firefox but not Chrome.
2# If I enable all except TLS 1.0 I can access via IE/Chrome and Firefox but we need TLS1.0
Server Key and Certificate #1 Key RSA 2048 bits Weak key (Debian) No Issuer RapidSSL CA Signature algorithm SHA1withRSA WEAK Extended Validation No Revocation information CRL, OCSP Revocation status Good (not revoked) Trusted Yes