IE-11 Not able to connect via Core Services 3.1.4 Apache Server using TLS v1.2
|Applies to:||Hornbill Core Services Version 3.1.4|
After configuring Core Services 3.1.4 Apache Server to use only TLS v1.0 and TLS v1.2 IE 11 is no longer able to connect to any hosted web sites via HTTPS. The browser displays the following error:
"Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://localhost again. If this error persists, it is possible that this site uses an unsupported protocol or Cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator."
Due to the certificate being created with the now obsoleted (md5) Signature hash algorithm as opposed to the recommended (sha256).
The solution requires the generation of a new Self Signed Certificate using the updated algorithms. The steps to achieve this using the openssl.exe tool supplied with Cores Services 3.1.4, can be found in the following FAQs:
- Creating a Self-Signed Certificate
- Configuring SSL and Using Your Own Certificate/Key on the Web Server
We would also recommend that the following changes in the section "Disabling SSL\Weak Ciphers and Mitigating BEAST Attacks and POODLE attacks" in the "Apache Web Server Hardening" from the following FAQ also be applied: