none
Unable to open Microsoft office documents(excel,word) in Internet Explorer when we enforce strict TLS 1.2 protocol (Disabling SSL v2,SSL v3,TLS 1.0, TLS 1.1)on the webserver

    Question

  • Unable to open Microsoft Office documents(excel,word) in Internet Explorer when we enforce strict TLS 1.2 protocol (Disabling SSL v2,SSL v3,TLS 1.0, TLS 1.1)on the webserver. We tested by removing strict TLS 1.2 and IE is able to open the document fine.

    Error description : We see a Microsoft Excel Security Warning with the following content.

    Certificate error

    The application experienced an internal error loading the SSL libraries.

    When we disabled SSL V2 and SSL V3, the document opens fine but when TLS 1.0 is disabled we are seeing the  pop-up with certificate error. We tried to open the reports in CSV format, 2007 format and 2003 format and all of them have the same issue. Does Internet Explorer have any restrictions when TLS 1.2 is strictly enabled ?

    Note : We are able to download the document using Internet explorer and the document opens fine from local but opening the document from the browser fails with certificate error.



    • Edited by Hckar Friday, December 04, 2015 8:58 PM
    Friday, December 04, 2015 8:54 PM

Answers

  • Hi Hckar,

    We did test for your issue. We just choose TLS 1.2 in Internet Explorer to open office online and it works fine. Therefore, we consider the Online Office supports TLS 1.2 via Internet Explorer and your issue is not caused by the TLS 1.2 restrictions as you mentioned.

    We suppose the issue may be caused by the TSL version on your web server. Have you checked that your web server support TLS 1.2? If your web server doesn't support, it is certainly that you will not open it via TLS 1.2.

    Hope that will be helpful to you.

    Best Regards

    Simon 


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, December 07, 2015 6:29 AM
    Moderator
  • Does Internet Explorer have any restrictions when TLS 1.2 is strictly enabled ?

    Interesting way of looking at the symptom.  I saw a related one for these forums last week and did not think of that.

    Assuming nothing has been changed in the interim we could try tracing that case and see if the cause is really in the server or somehow just in IE.

    What do other browsers do?

    Oh.  I see a difference.  Your change is being made on the server?  So have you tried making the same change in client Options (e.g. to disallow TLS 1.0 being tested in the negotiation)?  Note then that you will probably see the same symptom that I was getting above in these forums.   <eg>

     

    Good luck



    Robert Aldwinckle
    ---

    Monday, December 07, 2015 5:10 PM
    Answerer

All replies

  • Hi Hckar,

    We did test for your issue. We just choose TLS 1.2 in Internet Explorer to open office online and it works fine. Therefore, we consider the Online Office supports TLS 1.2 via Internet Explorer and your issue is not caused by the TLS 1.2 restrictions as you mentioned.

    We suppose the issue may be caused by the TSL version on your web server. Have you checked that your web server support TLS 1.2? If your web server doesn't support, it is certainly that you will not open it via TLS 1.2.

    Hope that will be helpful to you.

    Best Regards

    Simon 


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, December 07, 2015 6:29 AM
    Moderator
  • Does Internet Explorer have any restrictions when TLS 1.2 is strictly enabled ?

    Interesting way of looking at the symptom.  I saw a related one for these forums last week and did not think of that.

    Assuming nothing has been changed in the interim we could try tracing that case and see if the cause is really in the server or somehow just in IE.

    What do other browsers do?

    Oh.  I see a difference.  Your change is being made on the server?  So have you tried making the same change in client Options (e.g. to disallow TLS 1.0 being tested in the negotiation)?  Note then that you will probably see the same symptom that I was getting above in these forums.   <eg>

     

    Good luck



    Robert Aldwinckle
    ---

    Monday, December 07, 2015 5:10 PM
    Answerer