Hi,
A customer with IE11 / Windows 8 is asking for SSL support.
So I followed the instructions from this page:
https://docs.litespeedtech.com/cp/cpanel/tunings/
My Apache Global Configuration SSL Cipher Suite was AES256+EDH so I updated it to AES256+EDH:ECDHE-RSA-AES128-SHA to enable old IE11 support and did a graceful restart of Litespeed and waited 20 minutes.
SSLLabs report (clear cache) still says:
IE 11 / Win 7 Server sent fatal alert: handshake_failure
And the report shows these as my available ciphers but doesn't seem to include ECDHE-RSA-AES128-SHA:
# TLS 1.3 (server has no preference)
TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS128TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS256TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS256
# TLS 1.2 (we could not determine if the server has a preference)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS128
My Litespeed is 5.3.8 but I am unable to update it at this time (was a previous rack911 customer). I will be building a new server but am hoping I can resolve the IE 11 issue on the current one.
Thanks for any insights,
John
A customer with IE11 / Windows 8 is asking for SSL support.
So I followed the instructions from this page:
https://docs.litespeedtech.com/cp/cpanel/tunings/
My Apache Global Configuration SSL Cipher Suite was AES256+EDH so I updated it to AES256+EDH:ECDHE-RSA-AES128-SHA to enable old IE11 support and did a graceful restart of Litespeed and waited 20 minutes.
SSLLabs report (clear cache) still says:
IE 11 / Win 7 Server sent fatal alert: handshake_failure
And the report shows these as my available ciphers but doesn't seem to include ECDHE-RSA-AES128-SHA:
# TLS 1.3 (server has no preference)
TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS128TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS256TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS256
# TLS 1.2 (we could not determine if the server has a preference)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH x25519 (eq. 3072 bits RSA) FS128
My Litespeed is 5.3.8 but I am unable to update it at this time (was a previous rack911 customer). I will be building a new server but am hoping I can resolve the IE 11 issue on the current one.
Thanks for any insights,
John