Closed helangen closed 7 years ago
On IE11 TLS 1.2 is enabled by default: Microsoft IE11 Changelog Maybe it's another problem? Which error message you get at work? And maybe your results on SSL Labs are cached?
I can try another browser just to be sure and then change the parameters in nextcloud.conf again.
So changed the browser:
Is this the correct way of doing it ? I dont have access to IE 7 at work currently so I can't test it. Am I not suppose to get YES for the other protocols also or am I thinking of this the wrong way.
Cheers
I use the default ssl_params file and SSL Labs shows me:
IE 11 / Win 7 R RSA 2048 (SHA256) TLS 1.2
And on older IE versions I don't get an "handshake_failure" I get an Server sent fatal alert: protocol_version
error.
Maybe a certificate problem? Here are some information about handshake failures.
hoellen
edit: I wouldn't try to activate older protocols. Browsers who can't use TLS1.2 aren't worth it to change your server settings.
Thanks.
It works on all other browsers that I have tried both mobile and desktop. IE11 on Ein 10 also works fine. I use certs from LetsEncrypt but thought that would work fine. I did think at some point it had to do with this
http://serverfault.com/questions/741706/bug-with-tls-1-2-in-internet-explorer-11-windows-7
https://blogs.msdn.microsoft.com/friis/2012/08/29/tls-1-2-handshake-failure/
Hence the need to enable TLSv1.
Have anyone come across this?
I would rather not have to enable older protocols but kinda need NextCloud at work. They block all other clouds and they dont allow other browsers than IE11.
You can always use another image for this, perhaps there are some issues when using nginx in combination with BoringSSL.
Sure, I could try that. Just easy with your image and Let's Encrypt ;)
Thanks for a great image.
I can't get NextCloud to work for my browser at work. We run IE 11 on Win 7 Enterprise. I thought it had something to do with only TLSv1.2 being enabled and added support for previous versions (TLSv1 TLS1.1 SSLv2) in the /etc/nginx/ssl_params file. Restarting the reverse proxy though it does not seem that it reads it properly. SSL Labs still says TLSv1.2 only so I assume the new ssl_params file was not read properly. The error I get is SSL handshake failure. I also tried to comment out the file and add the parameters directly to the nextcloud.conf in sites-enabled directory.
I use 3 volumes; sites-enable, certs and conf.d in the Docker container boring-nginx.
Any ideas ?
Cheers