This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello. if you have a minute, I've checked the Internet Settings and TLS 1.0, TLS 1.1, TLS 1.2 are all checked and I've seemingly tried everything else on the internet regarding this error (clearing cache, etc). Anyways, in summary...
I tried all the internet options and client stuff. Oh, the client is running IE mode in Edge.
Secondly, there is a call to a tomcat servlet over http on the page (via javascript). Would that mess this up somehow? I did enable "display mixed elements" in the Internet Options-zone custom security settings. I wouldn't think that would do anything anyway as the setting is for embedded elements. I'm getting the error on the generic server login screen anyway. Thank you so much for any help.
Have you tested in other browsers like Chrome and Edge? Does the issue only occur in Edge IE mode?
Could you please try to disable ssl2.0 or ssl3.0 in Internet Options? I found some cases saying that they seem not be compatible with TLS options. Also, this error may indicate that antivirus software is blocking browser from reaching internal IP addresses. You can check it out and tell us the result.
Ok, I think I figured it out. The cipher suite used by the server side (Domino) had some outdated ones selected. I selected the remaining options they offered and that created an agreed upon protocol with the browsers. Thank you so much for your help.
Hi. Use SSL 3.0 is disabled in Internet Options (the default). I can't really test in other browsers as Edge is the company standard (not allowed to install other browsers) and it's an intranet site. This server is configured in policy/sites.xml to open in IE mode so can't do Edge without opening in IE mode. Outside of the browser, I did run openssl -connect test with tls1, tls1_1 and tls1_2, and received the following. All three returned the same. Is there anything in there?...I guess a handshake failure can mean anything but it tends to point away from a browser setting.
openssl s_client -connect server.blah.com:443 -tls1_2
CONNECTED(000001B0)
043D0000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl\record\rec_layer_s3.c:1584:SSL alert number 40
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 213 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1655908143
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
Hi @Tom Griffith
If you have the "alert 40" error, usually you should explicitly specify the servername in your command, so that the server can return the right certificate the client is expecting. You can try specifying your servername like this:
Ref link: https://github.com/openssl/openssl/issues/7147#issuecomment-419633974
Besides, do you have IE in your computer? If there is, you can also try to test in IE to see if it works.