AnsweredAssumed Answered

Fatal error: Handshake_failure message for IE 8/XP

Question asked by ecssl on Nov 22, 2016
Latest reply on Nov 29, 2016 by ecssl

I've run a SSLLabs scan on my domain, and see two errors that I am concerned about. I am not really familiar with security and hoping someone might be able to explain what could be wrong and if my hosting provider has setup my server correctly?  


Problem #1 

I found that my site is not accessible via Windows XP (SP3) using IE 8.  The site doesn't even display and reports a message to diagnose the Internet connection (as if it is off-line).  SSL3 and SSL2  is disabled and TLS 1.0 is enabled in IE 8 (every other site works, so it is not a local configuration problem)  


Looking at results of other sites, I see IE 8 / XP should (I believe) use TLS_RSA_WITH_3DES_EDE_CBC_SHA.   When I asked my hosting provider, they claim that this cipher is "SSLv3" and that both SSLv3 and SSLv2 was removed and are no longer available because of security vulnerabilities.    The handshake simulation for IE 8/XP shows "fatal error: Handshake_failure" 

Is this accurate?  I notice everyone else still has support for this cipher using TLS 1.0?      


Problem #2


I get a message that says "Chain issues" , "Incorrect order".  Should I be concerned?


Otherwise, my grade is A for the SSLLabs Test