Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


Applications or services that use the Secure Channel (SChannel) security support provider, such as Internet Explorer, may incorrectly negotiate to non-Microsoft website hosts by using the Transport Layer Security (TLS) protocol. Therefore, the affected application may not establish a connection or may be instructed to negotiate the use of a less-secure protocol such as Secure Sockets Layer protocol version 3.0 (SSL 3.0).


This issue occurs because some third-party implementations of the TLS protocol do not correctly negotiate when empty TLS extensions are present at the end of the extension list.


To resolve this issue, install the February cumulative security update for Internet Explorer (MS15-009) or the most recent cumulative security update for Internet Explorer. To do this, go to Microsoft Update. If you download and install updates manually, see the "Affected Software" table in Microsoft Security Bulletin MS15-009 for download links. For information about the most recent cumulative security update for Internet Explorer, go to the Security TechCenter.

Note This update is offered only as a companion package to Internet Explorer 11. The update changes the TLS protocol renegotiation and fallback behavior.

Known issue


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


See the terminology that Microsoft uses to describe software updates.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Need more help?

Expand your skills


Get new features first


Was this information helpful?

What affected your experience?

Thank you for your feedback!