Enable support for IE11 / Win 7
Hi Guys and girls,
We need some advise on a challenge.
On of our biggest clients are trying to run a piece of software on our server, that requires IE11 on Win 7 support.
However when we test our server using Qualys, we get the following error:
IE 11 / Win 7 R Server sent fatal alert: handshake_failure
I am guessing that its a matter og using the "right" cipher suit.
In Apache Configuration, we got:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
In some other posts i have seen that adding ECDHE-RSA-AES128-SHA should solve the issue, but we already got that, as the cipher above reads
My understading is that Litespeed is overwriting this, and then we end up with results from the test below, which do not match our cipher above:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS
And so to my questions
- How can we enable support for IE11 / Win 7 while still keeping a high cipher strength (how do i change the chipers in LiteSpeed?)
- Should we at all start changing our cihper to accomodate the client, or will this lower the security for all clients on the server?
-
Hi Lauren, Thank you for your reply! We are using 5.4.5 (build 2) LSWS. We acutally solve the issue by making the client run on http in the functions (Excel 2016) utilizing IE11, and recommended that they changed browser as soon as possible. But it would still be nice to know where our chiphers are set, if its not using whats in the Apache Configuration :rolleyes: 0
Please sign in to leave a comment.
Comments
2 comments