Client certificate request fails when TLS 1.2 and 1.1 secure protocols are enabled in Internet Explorer 11

Symptoms

When a website requests a client certificate (such as for authentication), Internet Explorer 11 cannot send the certificate if the TLS 1.2 and TLS 1.1 secure protocols are enabled.

Resolution

Update information

To resolve this problem, install the most recent cumulative security update for Internet Explorer. To do this, go to Microsoft Update.

For technical information about the most recent cumulative security update for Internet Explorer, go to the following Microsoft website:Note This update was first included in security update 2976627.

For more information about security update 2976627, click the following article number to view the article in the Microsoft Knowledge Base:
2976627 MS14-051: Cumulative security update for Internet Explorer: August 12, 2014

More Information

This issue only occurs with servers that downgrade the TLS session in an ungraceful way (such as by sending a TCP reset when receiving a TLS protocol version that the server does not support). If a server downgrades the TLS session in a proper way that indicates the desired version in the respective server handshake, then any client-side certificate that may be required is sent to the server correctly.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

See the terminology that Microsoft uses to describe software updates.
Proprietà

ID articolo: 2988411 - Ultima revisione: 12 ago 2014 - Revisione: 1

Feedback