4

I'm trying to connect to IIS (on WS2016 where TLS 1.2 is only available TLS version - the other ones are disabled).

  • Exploring with IE works fine
  • Exploring with Chrome (up to date) finishes with ERR_CONNECTION_RESET

I tried many configurations with Registry SCHANNEL / IE Options. Moreover Wireshark logs that:

  • IE makes Client Hello with TLSv1.2 - what works fine.
  • Chrome makes Client Hello with TLSv1 - what finishes with ERR_CONNECTION_RESET

Any idea what configuration force Chrome to use TLSv1 instead of configured TLSv1.2?

DMan
  • 429
  • 4
  • 12

2 Answers2

1

Are you using client certificates? Because your description sounds very similar to a problem I'm currently facing since Chrome updated from v81 to v83. I have no clue about the source of the problem yet but if I disable client certificates completely the problem disappears. I can reproduces the problem with a fresh installed Win Server 2019.

Haidelber
  • 31
  • 4
  • In my case the problem could be fixed with applying the May patches to Windows Server 2016 or newer. For more details go to the [Chromium bug tracker](https://bugs.chromium.org/p/chromium/issues/detail?id=1084891#c34). And another option to fix the issue is to not use SHA-1 in the client certificates. – Haidelber Jun 24 '20 at 21:15
0

Enable TLS 1.2 in Google Chrome

Open Google Chrome.

Press Alt+F and select Settings.

Scroll down and select Show advanced settings.

Under the Network section, click Change proxy settings.

Click the Advanced tab.

Under the Security section, select the Use TLS 1.2 check box.

Jin Thakur
  • 2,711
  • 18
  • 15