본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

"Security Connection Failed" when connecting to IIS web server over HTTPS that only has TLS 1.2 enabled

more options

Using Firefox 62.0.2 in Windows 10. Trying to connect to our IIS webserver that only has TLS 1.2 enabled but encounter the following error:

"Secure Connection Failed. The connection to the sever was reset while the page was loading"

If I enabled TLS 1.1, TLS 1.0 on the server, the connection via TLS 1.2 works fine. Chrome and IE browser don't have this issue and can connect when TLS 1.2 is exclusively enabled.

Our security group frowns on enabling TLS 1.1 / TLS 1.0. Please advise on how to get TLS 1.2 (exclusive) working with latest Firefox for Windows 10.

Using Firefox 62.0.2 in Windows 10. Trying to connect to our IIS webserver that only has TLS 1.2 enabled but encounter the following error: "Secure Connection Failed. The connection to the sever was reset while the page was loading" If I enabled TLS 1.1, TLS 1.0 on the server, the connection via TLS 1.2 works fine. Chrome and IE browser don't have this issue and can connect when TLS 1.2 is exclusively enabled. Our security group frowns on enabling TLS 1.1 / TLS 1.0. Please advise on how to get TLS 1.2 (exclusive) working with latest Firefox for Windows 10.

모든 댓글 (11)

more options

This is not true Firefox support this TLS_RSA_WITH_AES_256_GCM_SHA384

more options

AnnaSycamore said

This is not true Firefox support this TLS_RSA_WITH_AES_256_GCM_SHA384

Possibly that is not Firefox 62?

Firefox disabled RC4 ciphers by default in Firefox 44, and removed them in Firefox 50. What version did you test with?

The ciphers starting with TLS_DHE do not show up for me in Firefox 62 on Windows 7.

more options

Hello jscher2000 My Firefox is up to date

more options

Attaching enabled cipher suites from client and server (Qualys vs Nartac)


Server and client both appear to have TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 in common yet the handshake fails. May have to open support ticket with M$ft

more options

This is a problem is supported but is weak and not compatible with tls 1.2

On the other side your last reply (jscher2002) pointed me to this https://tecadmin.net/enable-tls-on-windows-server-and-iis/

글쓴이 AnnaSycamore 수정일시

more options

skmcfadden said

Server and client both appear to have TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 in common yet the handshake fails. May have to open support ticket with M$ft

This one, too:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

more options

If I use Nartac to enable "best practices" (TLS 1.0/1.1/1.2) all enabled. I get firefox 62 TLS 1.2 handshake to work. Here is the server hello:

HTTP/1.1 200 Connection Established FiddlerGateway: Direct StartTime: 16:49:24.975 Connection: close

This is a CONNECT tunnel, through which encrypted HTTPS traffic flows. To view the encrypted sessions inside this tunnel, enable the Tools > Options > HTTPS > Decrypt HTTPS traffic option.

A SSLv3-compatible ServerHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2) SessionID: 68 19 00 00 5E 42 D5 99 9D 2C B4 81 2F 09 6C 62 57 CC 97 F8 21 14 E3 85 79 38 F1 7C CE 68 D9 A7 Random: 5B B6 8A E4 A6 43 C0 E7 04 F2 73 74 B1 01 A0 B1 CA 2D 3C 08 AD 38 4C D0 BB 6C A5 7E 9D 89 4A D2 Cipher: TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0xC014] CompressionSuite: NO_COMPRESSION [0x00] Extensions: status_request (OCSP-stapling) empty extended_master_secret empty renegotiation_info 00

more options

skmcfadden said

Cipher: TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA [0xC014]

I don't know what that is... ??

more options

Yeah, I don't know what that is either. I don't see it in Nartac.

more options

I have similar issue IIS 10 Going to the site is fine. But going to a page that downloads a PDF inline gives this error. Only TLS 1.2 is enabled SSLLabs = A The only difference I can see F12 on FF Network=>Security Key Exchange Group on the working page is "none" on the failed one x25519

more options

nuronce said

Going to the site is fine. But going to a page that downloads a PDF inline gives this error. ... The only difference I can see F12 on FF Network=>Security Key Exchange Group on the working page is "none" on the failed one x25519

Well, this page has "Key Exchange Group: none", so I don't think that points us to the answer.

Could you start a new thread? At the top of pages there's a link titled "Get Community Support". Keep scrolling down past suggestions on those pages to continue with the question form.

  1. 1
  2. 2