Internet Explorer breaks with TLS1.2 and cert chains containing an MD5 hash

Written by

I came across this recently – quite tough to troubleshoot. If you use IE to connect with TLS1.2 (TLS1.1 and TLS1.0 are not enabled by default in IE) to an SSL website which has a certificate in the chain with an MD5 hash, IE just breaks the connection. This is due to the way the schannel.dll interacts over TLS1.2. Getting the chain of certificates to use certs with a SHA hash gets things working. IE really should handle this more gracefully!

Here is a page which describes the problem quite well, saving me some typing 🙂

IE MD5 SHA SSL TLS1.2 TLSv1.2

Comments

One response to “Internet Explorer breaks with TLS1.2 and cert chains containing an MD5 hash”

June 28, 2013

Internet Explorer breaks with TLS1.2 and cert chains containing a SHA-512 hash « TriathlonMike

[…] post follows on from my previous post titled “Internet Explorer breaks with TLS1.2 and cert chains containing an MD5 hash“. It turns out that if a website’s certificate chain contains a SHA-512 hash then […]

Reply

Internet Explorer breaks with TLS1.2 and cert chains containing an MD5 hash

Comments

One response to “Internet Explorer breaks with TLS1.2 and cert chains containing an MD5 hash”

Leave a Reply Cancel reply

More posts

VMware Software Download Service error

LSI20320 (LSI 1030) firmware flash

Realtek NIC and no VLAN tag stripping

Enabling LDAPS on domain controllers using 3rd party certificates