SSLCipherSuite for Internet Explorer 11 - .htaccess

I am adding SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256 in the .htaccess file, and after that my website opens in Firefox but does not open in Internet Explorer 11.
Do I need any other combination for SSLCipherSuite to run my website in Internet Explorer 11?
Thanks

SSL cipher suite support on Internet Explorer depends both on the version of IE and on the version of the operating system:
https://github.com/client9/sslassert/wiki/IE-Supported-Cipher-Suites
Try either one of the following for IE11:
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-AES256-SHA

Take the guesswork out of the configuration by using a tool such as the Mozilla SSL Configuration Generator to check which configuration you should use.
(as described in this answer)
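
An added example, not part of the original posts: a Python check that asks the local OpenSSL (through the standard ssl module) to expand a cipher string and reports which of the four suites suggested in the answer above it enables. It assumes the local OpenSSL build is close enough to the web server's; expand, overlap and report are names chosen here.

```python
import ssl

# OpenSSL names of the four suites the answer above suggests for IE11.
ANSWER_SUITES = [
    "ECDHE-RSA-AES128-SHA",
    "ECDHE-RSA-AES256-SHA",
    "ECDHE-ECDSA-AES128-SHA",
    "ECDHE-ECDSA-AES256-SHA",
]


def expand(cipher_string):
    """Suite names OpenSSL enables for a cipher string, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # no usable TLS 1.2-or-older suite in the string
    # Where the build supports TLS 1.3, its suites are listed here as well;
    # they are configured separately from this cipher string.
    return [c["name"] for c in ctx.get_ciphers()]


def overlap(cipher_string, wanted=ANSWER_SUITES):
    """Suites from `wanted` that the cipher string actually turns on."""
    return [name for name in expand(cipher_string) if name in wanted]


def report(cipher_string):
    hits = overlap(cipher_string)
    verdict = ", ".join(hits) if hits else "none of the suggested suites"
    return f"SSLCipherSuite {cipher_string}\n  enables: {verdict}"


if __name__ == "__main__":
    # The question's setting, then the same setting with one suggested suite added.
    print(report("ECDHE-RSA-AES128-GCM-SHA256"))
    print(report("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA"))
```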

Related

.NET Core certificate errors in Chrome on Linux

When I create and run a WebApi .NET Core project, I get an untrusted certificate error in Chrome.
I read https://www.hanselman.com/blog/DevelopingLocallyWithASPNETCoreUnderHTTPSSSLAndSelfSignedCerts.aspx and tried dotnet dev-certs https --trust but this option is missing on Linux:
On Linux there isn't a standard way across distros to trust the certificate, so you'll need to perform the distro specific guidance for trusting the development certificate.
How can I make Chrome on Linux trust the cert?
I used this article to solve your problem. I hope you will resolve your problem.

What TLS protocol does Server.CreateObject("Msxml2.XMLHTTP.6.0") use?

I'm using classic ASP on IIS on Windows Server 2012, and Server.CreateObject("Msxml2.XMLHTTP.6.0") to make SOAP requests against a payment processor, and "suddenly" it stopped working.
The payment processor has disabled TLS 1.0, we're supposed to do TLS 1.1 or 1.2; I think this is the cause of the problem...
How do I see and if needed change which protocol it uses?
Take a look here: https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls#systemdefaulttlsversions - specifically at sections SystemDefaultTlsVersions and SchUseStrongCrypto. You should also go ahead and disable all insecure ciphers/protocols/key exchanges in SChannel - the Windows component responsible for SSL/TLS.
There is a GUI tool called IISCrypto from a company called Nartac that has some common profiles that are (somewhat) safer than editing the registry directly for disabling various obsolete components. See https://www.nartac.com/Products/IISCrypto.
Word of warning - be careful with your SChannel settings (either editing the registry or using IIS Crypto) - the settings are used throughout Windows and are required for services like RDP and WinRM among other things - back up first, then test carefully.
I had a similar situation - I used Msxml2.XMLHTTP for an API endpoint call in VB script and suddenly it stopped working. I got the error "The system cannot locate the resource specified" and http.status returned 12029. The problem was not in the URL; it worked when I tried to call the URL from the browser. But when I started the VB script, it failed on the line http.send.
How I solved it finally?
I had to install a recommended update on my Windows Server 2012:
Microsoft .NET Framework 4.8 for Windows Server 2012 for x64 (KB4486081)
and I have installed one optional update too:
Internet Explorer 11 for Windows Server 2012 for x64
After this and server restart it started to work again. I can use both: "Msxml2.XMLHTTP.6.0" or "Msxml2.XMLHTTP", it does not matter.

How to disable HTTP/2 on IIS of Windows Server 2016

We are running into some issues that seem to be affected by http2 and I want to turn it off temporarily to troubleshoot. I tried the registry keys outlined in this question but that did not help with Windows Server 2016.
How to disable HTTP/2 on IIS of Windows 10
Start → regedit
Navigate to the folder/path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
Under the Parameters folder, right-click the white-space, add 2 new DWORD (32-bit) values:
EnableHttp2Tls
EnableHttp2Cleartext
Ensure both new values have been set to 0 (disabled) by right-clicking the value and clicking "Modify..."
Restart the OS.
Another solution, if you are only testing, is to run Chrome without HTTP/2 enabled. From Start → Run: chrome --disable-http2
Also, apparently a fix is coming, we just have to be patient for the rollout. See THIS article

How to test my application on older version of IE?

I have installed IE8 on my system. I usually test my application on this browser, but the problem arose when I got to know that the client is using IE7. Now how can I test my application on IE7?
One possible solution is to have dual booting on my system. So on one version of Windows I can have IE7 and on another I can have IE8. But I really don't want to use this solution.
Another possible solution is to use a PC Emulator [ Don't know what this is, just heard about these ], using which I can have multiple IE versions simultaneously. Have you ever tried this solution? Please name any good FREE emulator.
Please let me know if there is any other better solution.
You can use
http://www.my-debugbar.com/wiki/IETester/HomePage
and here you can see all browser versions as pictures
http://browsershots.org/
I got the solution. :)
In IE8, click on Tools > Developer Tools | or press F12
Then in developer Tools > select the browser mode [ available: IE7, IE8, IE8 with compatibility view ]
This is what I was expecting. :)
Microsoft provides a free set of Windows Virtual PC images for testing various versions of IE on various Windows service packs.
Virtual PC is also free.
Have you ever seen the Microsoft Expression Web tool? It contains a kick-ass tool for testing pages in various versions of IE - SuperPreview. And this tool is also available for free; you can download it here.
It's much easier to use than Virtual PC images. But it can't replace VPC completely, because testing in a clean environment is also very important.
This is a quick and easy web service solution, good for quick testing.
http://www.browserstack.com/
For those who are still looking for an answer here's a Chrome extension
It has over 6 million users, and it claims:
Top 10 Chrome extension since 2009!
-- WINDOWS ONLY -- WINDOWS ONLY --
IE Tab exactly emulates IE by using the IE rendering engine directly within Chrome. This will enable you to use ActiveX controls and test your web pages with different versions of IE (IE6, IE7, IE8, or IE9).
-- FEATURES --
Create a list of URLs that will automatically open in IE Tab
Group Policy support for enterprise deployments
Securely use the old IE rendering engine
Edit Sharepoint documents instead of opening read-only
Use Java, Silverlight, and ActiveX in Chrome seamlessly
You can also look at Adobe BrowserLab:
http://browserlab.adobe.com
Microsoft has launched Modern.IE to help with this. Go here to download a test image for your preferred OS and visualization software.
http://www.modern.ie/en-us/virtualization-tools#downloads

Using SSLv3 in IIS 6.0

I recently got a notification from a McAfee service (what used to be called HackerSafe) that my website is using SSLv2 and it should be using SSLv3. I don't know anything about the versions of SSL. My site is using IIS 6.0; is there a setting somewhere to turn on SSLv3, or do I need to install something to make this happen? Also, are there any drawbacks to only using SSLv3? Are there browsers that can only use v2?
The Microsoft KB Article referenced in TravisO's answer is helpful for general reference. I used the information from that article along with information gathered from ServerSniff.net's SSL analysis tool
Also, you can copy and paste the following snippet into a .reg file to quickly disable SSLv2 on a web farm:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
In regards to browser support for SSLv3, the following information should help (taken from the McAfee Scan Alert):
In Internet Explorer 7, the default HTTPS protocol settings are changed to disable the weaker SSLv2 protocol and to enable the stronger TLSv1 protocol. By default, IE7 users will only negotiate HTTPS connections using SSLv3 or TLSv1. Mozilla Firefox is expected to drop support for SSLv2 in its upcoming versions.
As almost all modern browsers support SSLv3, disabling support for the weaker SSL method should have minimal impact. The following browsers support SSLv3:
Internet Explorer 5.5 or higher (PC)
Internet Explorer 5.0 or higher (Mac)
Netscape 2.0 (Domestic) or higher (PC/Mac)
Firefox 0.8 or higher (PC/Mac/Linux)
Mozilla 1.7 or higher (PC/Mac/Linux)
Camino 0.8 or higher (Mac)
Safari 1.0 or higher (Mac)
Opera 1.7 or higher (PC/Mac)
Omniweb 3.0 or higher (Mac)
Konqueror 2.0 or higher (Linux)
Microsoft has a KB article on disabling SSLv3, obviously it's in the same place as enabling it.
http://support.microsoft.com/kb/187498/en-us
If you are looking at fixing this, you will probably also want to fix weak ciphers, since most scanners will complain about both. That is Microsoft KB245030. Generally any browser that supports SSLv3 will also support newer and stronger ciphers than the ones turned off by the scripts at that link.
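
An added example, not part of the original answers: a Python check that reads .reg text for the SCHANNEL Protocols key (the format of the snippet in this thread, and of a registry export taken as a backup before changing SChannel settings) and lists retired protocols that are not explicitly disabled for the Server or Client role. The sample text is constructed, and parse_schannel and not_disabled are names chosen here.

```python
import re

# Matches ...\SCHANNEL\Protocols\<protocol>\<Server|Client> key headers.
KEY_RE = re.compile(
    r"^\[.*\\SCHANNEL\\Protocols\\([^\\\]]+)\\(Server|Client)\]$", re.I)
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample in .reg format: the page's SSL 2.0 snippet plus a
# made-up TLS 1.0 entry. Real "reg export" files are UTF-16; decode first.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:ffffffff
"DisabledByDefault"=dword:00000000
"""

def parse_schannel(reg_text):
    """Return {(PROTOCOL, Role): {value_name: int}} for SCHANNEL protocol keys."""
    settings, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            ident = (key.group(1).upper(), key.group(2).capitalize())
            current = settings.setdefault(ident, {})
        elif line.startswith("["):
            current = None  # a key outside Protocols: skip its values
        elif current is not None and VAL_RE.match(line):
            name, hexval = VAL_RE.match(line).groups()
            current[name] = int(hexval, 16)
    return settings

def not_disabled(reg_text, retired, roles=("Server", "Client")):
    """List (protocol, role, state) for retired protocols lacking Enabled=0."""
    settings = parse_schannel(reg_text)
    findings = []
    for proto in retired:
        for role in roles:
            enabled = settings.get((proto.upper(), role), {}).get("Enabled")
            if enabled is None:
                findings.append((proto, role, "os-default"))  # no explicit value
            elif enabled != 0:
                findings.append((proto, role, "enabled"))
    return findings

if __name__ == "__main__":
    print(*not_disabled(SAMPLE, ["SSL 2.0", "TLS 1.0"]), sep="\n")
```

The snippet in this thread sets only the Server key; the Client key covers outbound connections made through SChannel, so the check reports both roles.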
