-1

I am using Windows Server 2012 R2 to contact AWS services, namely https://elasticbeanstalk.eu-central-1.amazonaws.com/. However, the AWS toolkit for Visual Studio as well as Internet Explorer 11 fail to establish the TLS 1.0 connection to this server. Interestingly, it works on the same machine in Chrome.

Windows Event Log shows the following error, but I was not able to find any further explanation of what could possibly go wrong.

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1207.

A wireshark trace shows that my computer sends TLSv1 Client Hello and the server responds back TLSv1 Server Hello, Certificate, Server Hello Done. Subsequently, my computer sends TCP Fin, Ack, which closes the connection. Server Hello selects the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite.

Does anyone have an idea how to make the above connection work?

Thanks, Vlad

Vladimir Lapacek
  • 1
  • 1
  • 1
  • You might wana check if the cipher suite sent by AWS matches that which your server has sent. I'd suspect your server has disabled support for SHA1. – louis xie Jan 23 '17 at 03:22

1 Answers1

0

Check that this setting is checked in Internet Option, see below

enter image description here

yagmoth555
  • 16,300
  • 4
  • 26
  • 48
  • Thanks for your reply. Yes, I tried messing with this settings as well. The remote server however only understands TLS 1.0. So no luck. – Vladimir Lapacek Jun 30 '15 at 08:18
  • @VladimirLapacek It's ofcourse a IE bug as it work in Chrome, but at this point I would check for any filtering antivirus software, as some enable some toolbar or browser protection. – yagmoth555 Jun 30 '15 at 18:30