Cadzow Knowledgebase


Welcome
Contact Us
Professional
Services

Consulting
Knowledgebase/
Site Search

Remote Support

Print Friendly

Cannot Access Some HTTPS Sites with Internet Explorer

When attempting to connect to a particular site via HTTPS, Internet Explorer may report “This page can't be displayed. Turn on TLS 1.0, TLS 1.1 and TLS 1.2 in Advanced settings and try connecting to https://<site> again.

However, other sites display via HTTPS correctly.

In the first instance, go to ToolsInternet OptionsAdvanced and check that TLS is enabled:

Otherwise, this problem may occur if Internet Explorer and the site in question cannot negotiate a cipher they both agree to use.

To check the ciphers offered by the site, go to https://www.ssllabs.com/ssltest/index.html and enter the URL.

When the test is completed, scroll down to Configuration. Listed under Cipher Suites are all those the server supports. Ideally, a site will offer 5-10 ciphers, and none of them should be labelled as “Insecure” or “Weak”. If all of the ciphers are weak, the browser may refuse to use them by default.

Next, test what your browser is capable of: https://www.ssllabs.com/ssltest/viewMyClient.html

Another reason for the blocking of weak ciphers is if your system has been configured with best-practices encryption hardening, whereby weak ciphers are disallowed. In this situation your system administrator will need to assess whether to revert the encryption stack to the default or add the required cipher to the allowed list.

If the site only supports SSL 3.0, this must be enabled in Internet Options as above in addition to enabling SSL 3.0 Fallback:

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v EnableSSL3Fallback /t REG_DWORD /d 3 /f

(Latter versions of Internet Explorer block SSL 3.0 by default.) It is recommended that SSL 3.0 Fallback only be enabled temporarily for troubleshooting purposes as keeping it enabled may expose the browser to some man-in-the-middle attacks against low-end encryption.

Alternatively, use a different browser. Internet Explorer uses Windows' internal encryption library, which is where the hardening takes place. Other browsers do not use this code, although they also block certain low-end ciphers.

Other Reading

Copyright © 1996-2019 Cadzow TECH Pty. Ltd. All rights reserved.
Information and prices contained in this website may change without notice. Terms of use.


Question/comment about this page? Please email webguru@cadzow.com.au