• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved HTTPS websites not loading in IE

occinodo

Basic Pleskian
Hello,

When trying to load an HTTPS website in IE on windows 7 and other platforms I get an error
For example https://techsavy.nl/ (on the same server as the website facing this issue)
You can also see that when you visit:
https://www.ssllabs.com/ssltest/analyze.html?d=techsavy.nl&s=37.97.158.214
this comes up:
IE 7 / Vista Server sent fatal alert: handshake_failure
IE 8 / XP No FS 1 No SNI 2 Server sent fatal alert: handshake_failure
IE 8-10 / Win 7 R Server sent fatal alert: handshake_failure
IE 11 / Win 7 R Server sent fatal alert: handshake_failure
IE 11 / Win 8.1 R Server sent fatal alert: handshake_failure
IE 10 / Win Phone 8.0 Server sent fatal alert: handshake_failure
IE 11 / Win Phone 8.1 R Server sent fatal alert: handshake_failure
IE 11 / Win Phone 8.1 Update R Server sent fatal alert: handshake_failure

How can I fix this? It's driving me nuts
 
Hi Daka,

Other servers with a Let's encrypt function perfectly, I think it's something with openSSL, but I don't know what.
 
You don't have TLS 1 or TLS 1.1 enabled, and you need a better cipher suite. TLS1 and 1.1 get disabled when you enable http2.

Have a look at /etc/nginx/conf.d/ssl.conf, something like...
Code:
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers  on;
ssl_ciphers  EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:HIGH:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!SEED:!DSS:!CAMELLIA;

Should be ok. I added HIGH in there and removed the ones you really don't want.
Anyway that should get you where you want.
Kind regards

Lloyd
 
Thanks a lot!! That solved the issue.
For future reference, this is what I had in the file:
Code:
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers  on;
ssl_ciphers  EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:HIGH:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!SEED:!DSS:!CAMELLIA;
 
Hi, I have a similar problem:


IE 11 / Win Phone 8.1 R Server sent fatal alert: handshake_failure

Safari 6 / iOS 6.0.1Server sent fatal alert: handshake_failure
Safari 7 / iOS 7.1 RServer sent fatal alert: handshake_failure
Safari 7 / OS X 10.9 RServer sent fatal alert: handshake_failure
Safari 8 / iOS 8.4 RServer sent fatal alert: handshake_failure
Safari 8 / OS X 10.10 RServer sent fatal alert: handshake_failure

SSL/TLS Protocols TLSv1.2 +TLSv1.3

Code:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

Where about's would I add in the HIGH? thank you in advance.
 
For TLSv1.2 and TLSv1.3,
We are using this configuration in Nginx. This works fine for majorly all browsers.

NGINX:
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256;

The last cipher helps it work on old Safari, but is a weak cipher algo.

OpenSSL Version - 1.0.2k-fips
Nginx Version - 1.20.1
 
Back
Top