We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

"Security Connection Failed" when connecting to IIS web server over HTTPS that only has TLS 1.2 enabled

more options

Using Firefox 62.0.2 in Windows 10. Trying to connect to our IIS webserver that only has TLS 1.2 enabled but encounter the following error:

"Secure Connection Failed. The connection to the sever was reset while the page was loading"

If I enabled TLS 1.1, TLS 1.0 on the server, the connection via TLS 1.2 works fine. Chrome and IE browser don't have this issue and can connect when TLS 1.2 is exclusively enabled.

Our security group frowns on enabling TLS 1.1 / TLS 1.0. Please advise on how to get TLS 1.2 (exclusive) working with latest Firefox for Windows 10.

Using Firefox 62.0.2 in Windows 10. Trying to connect to our IIS webserver that only has TLS 1.2 enabled but encounter the following error: "Secure Connection Failed. The connection to the sever was reset while the page was loading" If I enabled TLS 1.1, TLS 1.0 on the server, the connection via TLS 1.2 works fine. Chrome and IE browser don't have this issue and can connect when TLS 1.2 is exclusively enabled. Our security group frowns on enabling TLS 1.1 / TLS 1.0. Please advise on how to get TLS 1.2 (exclusive) working with latest Firefox for Windows 10.

All Replies (11)

more options

This is not true Firefox support this TLS_RSA_WITH_AES_256_GCM_SHA384

more options

AnnaSycamore said

This is not true Firefox support this TLS_RSA_WITH_AES_256_GCM_SHA384

Possibly that is not Firefox 62?

Firefox disabled RC4 ciphers by default in Firefox 44, and removed them in Firefox 50. What version did you test with?

The ciphers starting with TLS_DHE do not show up for me in Firefox 62 on Windows 7.

more options

Hello jscher2000 My Firefox is up to date

more options

Attaching enabled cipher suites from client and server (Qualys vs Nartac)


Server and client both appear to have TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 in common yet the handshake fails. May have to open support ticket with M$ft

more options

This is a problem is supported but is weak and not compatible with tls 1.2

On the other side your last reply (jscher2002) pointed me to this https://tecadmin.net/enable-tls-on-windows-server-and-iis/

Athraithe ag AnnaSycamore ar

more options

skmcfadden said

Server and client both appear to have TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 in common yet the handshake fails. May have to open support ticket with M$ft

This one, too:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

more options

If I use Nartac to enable "best practices" (TLS 1.0/1.1/1.2) all enabled. I get firefox 62 TLS 1.2 handshake to work. Here is the server hello:

HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 16:49:24.975 Connection: close

This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Options > HTTPS > Decrypt HTTPS traffic option.

A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2) SessionID: 68 19 00 00 5E 42 D5 99 9D 2C B4 81 2F 09 6C 62 57 CC 97 F8 21 14 E3 85 79 38 F1 7C CE 68 D9 A7 Random: 5B B6 8A E4 A6 43 C0 E7 04 F2 73 74 B1 01 A0 B1 CA 2D 3C 08 AD 38 4C D0 BB 6C A5 7E 9D 89 4A D2 Cipher: TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0xC014] CompressionSuite: NO_COMPRESSION [0x00] Extensions: status_request (OCSP-stapling) empty extended_master_secret empty renegotiation_info 00

more options

skmcfadden said

Cipher: TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0xC014]

I don't know what that is... ??

more options

Yeah, I don't know what that is either. I don't see it in Nartac.

more options

I have similar issue IIS 10 Going to the site is fine. But going to a page that downloads a PDF inline gives this error. Only TLS 1.2 is enabled SSLLabs = A The only difference I can see F12 on FF Network=>Security Key Exchange Group on the working page is "none" on the failed one x25519

more options

nuronce said

Going to the site is fine. But going to a page that downloads a PDF inline gives this error. ... The only difference I can see F12 on FF Network=>Security Key Exchange Group on the working page is "none" on the failed one x25519

Well, this page has "Key Exchange Group: none", so I don't think that points us to the answer.

Could you start a new thread? At the top of pages there's a link titled "Get Community Support". Keep scrolling down past suggestions on those pages to continue with the question form.

  1. 1
  2. 2