SSL connections that are successful on earlier versions of Windows can fail in Windows 7


After you upgrade to Windows 7, some Secure Sockets Layer (SSL) connections may fail. These same SSL connections work with earlier versions of Windows. For example, when you use Windows Internet Explorer to establish a connection over SSL, you receive an error message that resembles the following:

Internet Explorer cannot display the Webpage


This issue occurs because changes were made to the default cipher suites that are used in Windows 7. If the host to which you are trying to set up an SSL connection requires an earlier version of the cipher suites, the SSL connection fails.


To resolve this issue, you must configure the SSL Cipher Suite Order Group Policy setting to add the appropriate cipher suite back into the default list of accepted suites. To do this, follow these steps:
  1. At a command prompt, type gpedit.msc, and then click OK. This starts the Local Group Policy Editor.
  2. Expand Computer Configuration, expand Administrative Templates, expand Network, and then click SSL Configuration Settings.
  3. In the Setting pane, right-click SSL Cipher Suite Order, and then click Edit.
  4. In the Help pane, scroll to the bottom of the pane to locate the "How to modify this setting" instructions. To add the missing cipher suites, follow these instructions.


For more information about how to prioritize cipher suites, visit the following MSDN article: