AnsweredAssumed Answered

Internet Explorer 11 with TLSv1.1 and 1.2 on Apache 2.2

Question asked by Mike Burns on Sep 22, 2015
Latest reply on Sep 23, 2015 by Mike Burns

Recently we removed TLS1.0 on our Apache 2.2 and 2.4 configurations.  Firefox and Chrome connect to both Apache 2.2 and 2.4 with the cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and protocol TLS1.2.  For Apache 2.2 IE11 connects and in its Client Hello has the cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 among others , the Server Hello is almost identical to the FF and Chrome, but the client responds with an ack for the Server Hello, then a FIN.  A difference I see between Apache 2.2 and 2.4 is the size of the Server Hello message, 1 packet in the former and 2 packets in the former.  I also tried every cipher with IE 11 and Apache 2.2, but none of them would get past the server key exchange.

 

Is there a reason FF and Chrome work with Apache 2.2 with TLSv1.0 disabled and an ECDHE cipher, but not IE11?

 

 

 

IE 11

     Apache 2.2 Server Hello

     1 packet 1078 bytes

 

     Apache 2.4 Server Hello

     2 packets

          Server Hello 1308 bytes

          Server Key Exchange 271 bytes

 

Chrome

     Apache 2.2 Server Hello

     1 packet 1050 Bytes

 

     Apache 2.4 Server Hello

     2 packets

          Server Hello 1308 bytes

          Server Key Exchange 247 Bytes

 

Thanks

 

--Mike

Outcomes