Internet Explorer breaks with TLS1.2 and cert chains containing an MD5 hash

Posted on by | 1 Reply

I came across this recently – quite tough to troubleshoot. If you use IE to connect with TLS1.2 (TLS1.1 and TLS1.0 are not enabled by default in IE) to an SSL website which has a certificate in the chain with an MD5 hash, IE just breaks the connection. This is due to the way the schannel.dll interacts over TLS1.2. Getting the chain of certificates to use certs with a SHA hash gets things working. IE really should handle this more gracefully!

Here is a page which describes the problem quite well, saving me some typing 🙂

One thought on “Internet Explorer breaks with TLS1.2 and cert chains containing an MD5 hash

  1. Pingback: Internet Explorer breaks with TLS1.2 and cert chains containing a SHA-512 hash « TriathlonMike

Leave a reply 

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

required