• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved HTTPS websites not loading in IE

O

occinodo

Basic Pleskian
Hello,

When trying to load an HTTPS website in IE on windows 7 and other platforms I get an error
For example https://techsavy.nl/ (on the same server as the website facing this issue)
You can also see that when you visit:
https://www.ssllabs.com/ssltest/analyze.html?d=techsavy.nl&s=37.97.158.214
this comes up:
IE 7 / Vista Server sent fatal alert: handshake_failure
IE 8 / XP No FS 1 No SNI 2 Server sent fatal alert: handshake_failure
IE 8-10 / Win 7 R Server sent fatal alert: handshake_failure
IE 11 / Win 7 R Server sent fatal alert: handshake_failure
IE 11 / Win 8.1 R Server sent fatal alert: handshake_failure
IE 10 / Win Phone 8.0 Server sent fatal alert: handshake_failure
IE 11 / Win Phone 8.1 R Server sent fatal alert: handshake_failure
IE 11 / Win Phone 8.1 Update R Server sent fatal alert: handshake_failure

How can I fix this? It's driving me nuts
 
Hi Daka,

Other servers with a Let's encrypt function perfectly, I think it's something with openSSL, but I don't know what.
 
You don't have TLS 1 or TLS 1.1 enabled, and you need a better cipher suite. TLS1 and 1.1 get disabled when you enable http2.

Have a look at /etc/nginx/conf.d/ssl.conf, something like...
Code: 
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers  on;
ssl_ciphers  EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:HIGH:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!SEED:!DSS:!CAMELLIA;

Should be ok. I added HIGH in there and removed the ones you really don't want.
Anyway that should get you where you want.
Kind regards

Lloyd
 
Thanks a lot!! That solved the issue.
For future reference, this is what I had in the file:
Code: 
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers  on;
ssl_ciphers  EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:HIGH:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!SEED:!DSS:!CAMELLIA;
 
Hi, I have a similar problem:


IE 11 / Win Phone 8.1 R Server sent fatal alert: handshake_failure

Safari 6 / iOS 6.0.1Server sent fatal alert: handshake_failure
Safari 7 / iOS 7.1 RServer sent fatal alert: handshake_failure
Safari 7 / OS X 10.9 RServer sent fatal alert: handshake_failure
Safari 8 / iOS 8.4 RServer sent fatal alert: handshake_failure
Safari 8 / OS X 10.10 RServer sent fatal alert: handshake_failure

SSL/TLS Protocols TLSv1.2 +TLSv1.3

Code: 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

Where about's would I add in the HIGH? thank you in advance.
 
For TLSv1.2 and TLSv1.3,
We are using this configuration in Nginx. This works fine for majorly all browsers.

NGINX: 
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256;

The last cipher helps it work on old Safari, but is a weak cipher algo.

OpenSSL Version - 1.0.2k-fips
Nginx Version - 1.20.1
 
You must log in or register to reply here.

Similar threads

P
Forwarded to devs SSL It! TLS versions and ciphers by Mozilla v5 'intermediate' should support IE11 on Win7 or 8 - causes 'handshake_failure'
Replies
7
Views
4K
pleskuser67553
P
P
Resolved SSL It! Mozilla TLS ciphers v5.0 Intermediate causes handshake_failure for IE 11 / Win 7, despite supporting it
Replies
9
Views
3K
pleskuser67553
P
VirtualHorror
Issue Plesk backup issue - taking too long to list files of a particular website
2
Replies
20
Views
5K
VirtualHorror
VirtualHorror
Jan Bludau
Resolved Debian 11 to Debian 12
Replies
2
Views
5K
Jan Bludau
Jan Bludau
jhernanper
Issue Unable to install SuiteCRM: Symfony Runtime Exception. Tried everything - desperate
Replies
1
Views
5K
Maarten
M
Back
Top