Secure Channel cumulative update changes TLS protocol renegotiation and fallback behavior

Symptoms

Applications or services that use the Secure Channel (SChannel) security support provider, such as Internet Explorer, may incorrectly negotiate to non-Microsoft website hosts by using the Transport Layer Security (TLS) protocol. Therefore, the affected application may not establish a connection or may be instructed to negotiate the use of a less-secure protocol such as Secure Sockets Layer protocol version 3.0 (SSL 3.0).

Cause

This issue occurs because some third-party implementations of the TLS protocol do not correctly negotiate when empty TLS extensions are present at the end of the extension list.

Resolution

To resolve this issue, install the February cumulative security update for Internet Explorer (MS15-009) or the most recent cumulative security update for Internet Explorer. To do this, go to Microsoft Update. If you download and install updates manually, see the "Affected Software" table in Microsoft Security Bulletin MS15-009 for download links. For information about the most recent cumulative security update for Internet Explorer, go to the Security TechCenter.

Note This update is offered only as a companion package to Internet Explorer 11. The update changes the TLS protocol renegotiation and fallback behavior.

Known issue


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

See the terminology that Microsoft uses to describe software updates.


Third-party information disclaimer

Propriétés

ID d'article : 3023607 - Dernière mise à jour : 10 mars 2015 - Révision : 1

Commentaires