SSL Client Authentication Fails

  • Question

  • I'm testing SSL client authentication on Windows 8 Release Preview with smart cards from two different manufacturers. Both their CSPs are working fine, because I'm able to sign with an application that uses CryptoAPI. SSL client authentication with IE 10 fails:
    =======================================
    Internet Explorer cannot display the webpage.
    =======================================

    And the system log contains the following schannel events:
    =======================================
    A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 80. The Windows SChannel error state is 301.
    =======================================
    The SSL client credential's private key has the following properties:

       CSP name: Charismathics Smart Security Interface CSP
       CSP type: 1
       Key name: 213A799A-D4E3-47AF-82B0-D62B1DC746B5
       Key Type: key exchange
       Key Flags: 0x21

     The attached data contains the certificate.
    =======================================
    Creating an SSL client credential.
    =======================================
    An SSL client handshake completed successfully. The negotiated cryptographic parameters are as follows.

       Protocol: TLS 1.0
       CipherSuite: 0x2F
       Exchange strength: 1024
    =======================================

    TLS error code 80 is internal error.

    Is there a way to see more information about the error and what is causing it?

    Regards,
    Vladislav
    Wednesday, September 5, 2012 8:03 AM

All replies

  • Hi,

    I did not find any more info about this. But you can try the following policy, then test whether the issue persists.

    In Group Policy Editor (run: gpedit.msc), go to Computer Configuration > Administrative Templates > System > Distributed COM > Application Compatibility and enable "allow local activation security check exemptions".


    Juke Chou

    TechNet Community Support

    Thursday, September 6, 2012 9:10 AM
    Moderator
  • I tried your suggestion, but I got the same error again. Thanks anyway.
    Monday, September 10, 2012 7:20 AM
  • We have the same problem too. My company uses CSP and smartcards from three different manufacturers, with on-board 1024 bit private key, and they worked fine until Windows 7. I think the key point here is that we are still able to establish an SSL v3 connection with another browser that uses CSP on Windows 8 (Safari), so the problem should involve IE 10.

    Any suggestion?

    Best regards,

    Alberto

    Tuesday, September 11, 2012 9:49 AM