• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved SSL It! Mozilla TLS ciphers v5.0 Intermediate causes handshake_failure for IE 11 / Win 7, despite supporting it

P

pleskuser67553

Basic Pleskian
Hi,

On Plesk Obsidian 18.0.30, after resynchronising "TLS versions and ciphers by Mozilla" in SSL It! 1.6.0 it finds version 5.0, subsequently SSL Labs reports "IE 11 / Win 7 R Server sent fatal alert: handshake_failure" for my websites. I replicated this on a second server with the same config, doing before and after SSL Labs tests, to reach this conclusion. I'm using the "Intermediate (recommended)" preset in both cases which supports IE 11 / Win 7 as the oldest browser. The websites on the resynced servers do work on IE 11 / Win 10 however. If I disable "TLS versions and ciphers by Mozilla" SSL Labs continues to report "IE 11 / Win 7 R Server sent fatal alert: handshake_failure" for my websites. I can't role back to version 4.0 in the UI, but if I switch to the "Old" preset, the IE 11 / Win 7 handshake works but I get a grade B SSL Labs report because TLS 1.0 and 1.1 is supported. According to a successful handshake, IE 11 / Win 7 will work with TLS 1.2, so I suspect an unintended side effect is happening with the Intermediate preset on version 5.0..?

I have another server on Plesk Obsidian 18.0.30, SSL It! 1.6.0 on which I have not done a resync (currently version 4.0) and SSL Labs reports a good handshake "IE 11 / Win 7 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDH secp256r1 FS", graded B because TLS 1.0 and 1.1 is supported.
 
Excellent job troubleshooting and describing this issue. Did you ever find a resolution to this? I have experienced the same thing with version 5 in the SSL It extension.
 
Thanks. Not yet. I keep checking the changelog but a fix is not mentioned. I have not retested this since my first report. This forum feels like an 'unofficial' space for reporting serious issues because many reports appear to go unanswered, but I don't know where else to report it other than here.
 
This is still a problem on Plesk Obsidian v18.0.33, SSL It! v1.7.7. TLS versions and ciphers by Mozilla Version 5 suggests it should also support IE 11 on newer versions of Windows, since intermediate/oldest_clients lists "IE 11 on Windows 7", however there is also a SSL Labs handshake_failure on IE 11 / Win 8.1 too.
 
pleskuser67553 said:
This forum feels like an 'unofficial' space for reporting serious issues because many reports appear to go unanswered, but I don't know where else to report it other than here.
Click to expand...

Important - PLEASE FOLLOW THIS INSTRUCTION IF YOU BELIEVE THAT FOUND A BUG!

Dear Pleskians, Please, click Submit Report button and use the template in this special forum subsection if you really believe you discovered a new bug and need to report it to the Plesk developers. It does allow us to handle and resolve your requests much more efficiently. Please be careful...
talk.plesk.com talk.plesk.com
 
@IgorG Thanks for bringing that thread to my attention. I will submit a report. I wondered if perhaps I'd missed that thread first time around, however I've just visited the forum home and clicked around and I cannot see that important thread - certainly there is no thread like that pinned in the Plesk Extensions category. Maybe it could be added as a permanent banner at the top of the home page?
 
You must log in or register to reply here.

Similar threads

D
Issue Can't enable TLSv1 and TLSv1.1 on Ubuntu 22.04
Replies
4
Views
7K
omniscient
O
P
Forwarded to devs SSL It! TLS versions and ciphers by Mozilla v5 'intermediate' should support IE11 on Win7 or 8 - causes 'handshake_failure'
Replies
7
Views
3K
pleskuser67553
P
Nextgen-Networks
Forwarded to devs SSL It! - Preset "modern" will break your Apache templates on Ubuntu 20.04.2 with Plesk 18.0.35
Replies
13
Views
4K
Nextgen-Networks
Nextgen-Networks
Mark12345
Issue A+ SSL/TLS Test - PCI Compliance - Ciphers - Oh My
Replies
8
Views
4K
Mark12345
Mark12345
Back
Top