none
This page can't be displayed - Turn on TLS 1.0, TLS 1.1, and TLS 1.2 ** But TLS is already turned on. RRS feed

  • Question

  • I have a user that when they try to log into Duke Progress Energy's website at https://www.progress-energy.com/app/loginregistration/login.aspx it will redirect them to a "one time authentication" page which requires them to use a one-time key to log in on a new computer.  When going to this one-time website (secure8.i-doxs.net) it will get an error message that says...

    This page can't be displayed

    Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in the Advanced settings and try connecting to https://secure8.i-doxs.net again.  If this error persists, contact your site administrator.

    Well, I'm the site administrator and I can confirm that TLS 1.0, 1.1, and 1.2 are all enabled and forced by GPO.  Restarting IE and rebooting did not help.  Chrome and Firefox both work flawlessly.

    Edit: This is IE 11 on Windows 8.1 Enterprise.
    Wednesday, April 29, 2015 5:57 PM

Answers

  • This specific issue was resolved for me by checking also SSL 2.0 and SSL 3.0 under the Advanced Setting along with the recommended fix of turning on TLS 1.0, TLS 1.1, and TLS 1.2.

    I was using IE Version 11 on Windows 7.

    • Proposed as answer by laman Monday, August 24, 2015 12:28 AM
    • Marked as answer by Timothy Carroll Monday, July 25, 2016 2:46 PM
    Wednesday, June 10, 2015 3:35 PM

All replies

  • Well, I'm the site administrator and I can confirm that TLS 1.0, 1.1, and 1.2 are all enabled and forced by GPO.

    Often such messages are just a default best guess of how to explain a problem symptom.  Have you checked that the message is properly reflecting the condition that was detected?  FWIW first I would use the Developer Tools to see what the transaction (request and response) really is.  E.g. it may be that the host is sending an HTTP response code which might be interpreted the way that the message is showing.  Then the problem would be on the host to ask: why is it sending that code.  Often the answer is that the host is just getting mixed up about the capabilities it assumes a browser has without having actually tested them.

    FYI



    Robert Aldwinckle
    ---

    Wednesday, April 29, 2015 6:19 PM
    Answerer
  • I couldn't figure out how to see headers in the dev tools, so I just used Fiddler, which I am familiar with.

    HTTP/1.0 200 Connection Established
    FiddlerGateway: Direct
    StartTime: 15:27:00.207
    Connection: close

    So, 200 response code, then closed. Only in IE.

    Wednesday, April 29, 2015 7:28 PM
  • Hi,

    Have you try the compatible view for test?

    Fix site display problems with Compatibility View

    http://windows.microsoft.com/en-IN/internet-explorer/use-compatibility-view#ie=ie-11


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, April 30, 2015 9:41 AM
    Moderator
  • @Karen Hu - This is not a compatibility view problem.  It happens before the page loads.

    @Karen Hu and @Michael Shao - Don't go blindly marking replies as answers.  It ruins the quality of TechNet forums.  I can't stand it when I find an old thread and the marked answer is not the answer.  It's better to just leave it unanswered.


    Wednesday, May 6, 2015 1:50 PM
  • Connection: close

    So, why is it closing?  ("Only in IE")   Still sounds like the problem is on the host, probably because of a misperception of the browser's capabilities.

    What can the user do then?



    Robert Aldwinckle
    ---

    Wednesday, May 6, 2015 1:59 PM
    Answerer
  • https://secure8.i-doxs.net/w3c/p3p.xml

    Tools>Internet Options>Privacy tab. click the 'Default' button for cookies.


    Rob^_^

    Thursday, May 7, 2015 12:53 AM
  • Timothy.

    My apologize.

    Thank you very much for your remindings. We will give more attention on the threads which should be marked as answer.

    At the same time, please do post back and tell us that the solution offered didn't help.

    Best regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, May 11, 2015 2:16 AM
    Moderator
  • Rob - Thanks for the tip, but it did not help.
    Monday, May 11, 2015 2:34 PM
  • My Windows 8.1 Internet Explorer 11 could login this website fine.

    Maybe you should consider to reset your Internet Explorer or check if you use any proxy.

    Wednesday, May 13, 2015 8:54 AM
  • I've tried it on no less than five different computers at this point.  No proxy is configured.  Reset didn't help.  I just told him to not use IE (good practice anyway).  I don't understand how @siwonshi was able to access the secure8.i-doxs.net website.

    • Proposed as answer by Victor Zhou Monday, April 4, 2016 6:51 AM
    Wednesday, May 13, 2015 2:16 PM
  • I am also having this problem. I run secure laptops with NIST policy; Windows 7. The site I am going to worked a few weeks ago; any thoughts on this issue occurring with latest IE updates?
    Wednesday, May 13, 2015 2:50 PM
  • Same problem here. This is with Windows 7 and IE 11, but also got it when I reverted back to IE10. I have tried resetting everything back to default. I have tried re-registering dll's. I have uninstalled IE and reinstalled it. Doesn't matter get the "Turn on TLS 1.0, TLS 1.1, and TLS 1.2" message every time even though they are all turned on. This is trying to connect to any secure sites including login.live which is a Microsoft site. Works fine in chrome and Firefox, problem is only with IE. The kicker is since I don't use IE for anything I found this problem trying to get the key for visual studio 2013, since it opens IE and asks you to sign into your live account to get it I can't get the key, and can now no longer can use visual studio. So not only will IE not work for me, I can't get any projects done either.




    Friday, May 15, 2015 10:32 PM
  • Having the same problem with quickbooks online banking. Since it has to use Internet Explorer we can't get anywhere with it. Hopefully someone breaks the code on which update caused this to start happening.
    Saturday, May 16, 2015 12:51 PM
  • I've got the same problem now logging into the Admin UI of one of our security tools at work it is affecting IE11, and Chrome 43.  Firefox is working just fine.
    Wednesday, May 27, 2015 11:30 PM
  • Firefox is working just fine.
    So try using a UAS override to specify Firefox as your browser.  F12, Ctrl-8.


    Robert Aldwinckle
    ---

    Thursday, May 28, 2015 3:17 PM
    Answerer
  • I'm now getting this for all YouTube videos and for Amazon one click purchases. These used to work just fine on this same machine and this same network. I have installed no new software other than Windows updates.

    Martin L. Shoemaker

    Sunday, June 7, 2015 1:56 PM
  • This specific issue was resolved for me by checking also SSL 2.0 and SSL 3.0 under the Advanced Setting along with the recommended fix of turning on TLS 1.0, TLS 1.1, and TLS 1.2.

    I was using IE Version 11 on Windows 7.

    • Proposed as answer by laman Monday, August 24, 2015 12:28 AM
    • Marked as answer by Timothy Carroll Monday, July 25, 2016 2:46 PM
    Wednesday, June 10, 2015 3:35 PM
  • With no changes on my machine (that I know of), YouTube videos no longer get this error. I haven't tested Amazon one click yet.

    Martin L. Shoemaker

    Wednesday, June 10, 2015 5:05 PM
  • I had this exact same issue.  If a website had tls 1.0 turned off then I could not view the site, even if the site had TLS 1.1 and 1.2 turned on.  I had tls 1.0, 1.1, 1.2 turned on, as the IE 11 message was instructing me to do.  The way I got it to work is to turn on SSL 2.0  SSL 3.0  and all the TLS versions.  They it could work. 

    The Strange thing is this was not an issue on my surface pro 3.  It is also using IE 11  had the same settings,  ssl 2 and 3 were and still are turned off.  But it works just fine on the sites my Dev laptop cannot open.


    • Edited by Hickorybro75 Thursday, June 18, 2015 3:12 PM More Information
    • Proposed as answer by MrDaytrade Thursday, July 16, 2015 3:54 PM
    • Unproposed as answer by Timothy Carroll Thursday, July 16, 2015 5:34 PM
    Thursday, June 18, 2015 3:10 PM
  • This solution worked for us just after pushing out IE11 to all of our users.
    Thursday, July 16, 2015 3:54 PM
  • I have the same problem before too, and my solution was to checking SSL 2.0 under the Advanced Setting along with the recommended fix of turning on TLS 1.0, TLS 1.1, and TLS 1.2. There was no different with SSL 3.0 turned on or not in my case.
    Monday, August 24, 2015 12:28 AM
  • This worked for me. Thanks!
    Monday, August 24, 2015 3:39 PM
  • SSL 2.0 and SSL 3.0 have been compromised and should not be used. You should find an alternative to using these protocols. https://www.us-cert.gov/ncas/alerts/TA14-290A
    Thursday, August 27, 2015 1:02 PM
  • I get the same issue attempting to open Gmail. I found that if I disable bitdefender I can access without issues, so I think it may be something with the firewall or anti-phishing settings preventing access.
    Friday, October 23, 2015 11:39 PM
  • Thanks Hickorybro75 that did the trick :)  Had to enable SSL 2/3 for the site to open

    Friday, January 15, 2016 5:09 AM
  • I had this issue no matter what browser I tried it from.  One day it was working, the next it wasn't.  For me, it turned out that my SSL binding had become corrupt, although I have not figured out why.  I tried to reconfigure it, but it would not accept my changes.  I had to delete it and recreate it. 
    Tuesday, March 22, 2016 7:34 PM
  • We have the exact same problem at our domain joined workstations where we force to enable TLS 1.0-1.1 and 1.2, do you have any idea about the cause of interrupt especially for google websites.. One day working other day not..

    Thursday, March 31, 2016 4:11 PM
  • @dmf15

    This comment helped me, thx!

    I created the site and the HTTPS binding programmatically, but the certificate was not added to the binding. I added that and voila!


    BalintN

    Friday, April 1, 2016 2:19 PM
  • Where/how do you do this? Checking the binding I mean.
    Thursday, April 7, 2016 1:08 PM
  • Hi friends...I was facing this issue...Now I turned on SSl 2.0

    Issue fixed.

    Wednesday, May 11, 2016 5:42 PM
  • So,

    One of my users is having this same issue for the website https://www . directionsonmicrosoft . com. It is only for the https version of the site; the non-secured version works properly. But the site is blocked on IE11 as well as the latest versions of Firefox and Chrome. Before I came here, I like the other users, enabled SSL 2/3, but it didn't have an immediate effect. Then all of a sudden, it started working in all three browsers. About an hour later, now, I've been informed that it's not working again, with the same error.

    This problem also seems to be intermittent on all three browsers.

    Any other ideas?

    Thanks,

    Matthias

    Thursday, May 26, 2016 9:35 PM
  • I realise this is old, but maybe its the certificate.

    I have an old self-signed certificate I use for occasional testing https. I get this error if I don't change my IE settings.

    Friday, June 3, 2016 12:20 AM
  • Had the same issue. TLS selected and greyed out by administrator. I logged user out of system and re-logged user back in being sure the user inputs credentials and it fixed it. Simple network credentials hiccup!
    Monday, June 6, 2016 11:00 PM
  • I'm having the same problem.  I have to use either IE or Fire Fox, Neither will connect.  "I get the Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to ..."  when I use IE and "SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG" when I use Fire Fox.  This is a GUI interface for a network device called a DSLAM.  I can reach it via SSH2 connection, but need the GUI to see status in real time.


    This system was working last week.
    Monday, June 27, 2016 10:28 PM
  • The proposed solution by Deepu H was has been discussed earlier. For one it solved their problem, but I am still experiencing the same problem even using the solution in the video. Thanks anyway.
    • Edited by StriderNet Tuesday, July 12, 2016 2:32 PM
    Tuesday, July 12, 2016 2:30 PM
  • I had same issue and fixed it by disabling, then re-enabling TLS 1.0 in the internet Options > Advanced tab.
    Sunday, July 24, 2016 1:51 PM
  • Why is this youtube video being repeatedly recommended when all it does is show how to set the SSL settings, which we have already established does not solve the issue every time?  This is the support forum equivalent of spam.
    Thursday, August 4, 2016 12:33 PM
  • It may be possible that your browser is using (or not using) a proxy to establish the connection. Depending on whether your proxy is set up to handle TLS interception, or not, and or, even if a proxy should be involved in the request play a role in causing the above symptom as well. Only your most keen network administrators will be able to tell you whether or not a client's browser request for that server within that domain should be using a proxy to make the request. If it shouldn't, as it was in my case, then the issue is that GPO isn't pushing the correct or complete exceptions list for your browser's proxy settings.

    See Internet Options-->Connections-->LAN settings click, Advanced to pull up Proxy Settings window and down below you will find a box with addresses that are not to use the proxy server.

    Now it is worth noting that this list might get populated by any number of ways but it is worth your time to take a look at it especially if you have a case where users sporadically receive such an error and nothing obvious in the Advance settings tab of the browser appears. The exceptions list is also vital because (according to KB 262981) depending on how a resource name is entered in the URL can toggle the use of a proxy in select cases for local addresses.

    I hope this may help those seeking other options to check in attempting to resolve the issue that gives them this message in the browser.

    Best of luck

    Friday, August 5, 2016 3:12 PM
  • Since july 2016 patches were having the same issue.  we turn off TLS1.0 and turn on ssl3.0 and the web site works.  I rather not use SSL3.0.  And users need tls 1.0 to access other sites.  Right now in the process of removing July patches to see if it fixes itself.  Web site does not use a proxy and work fine prior to patches with both TLS1.0 & SSL3.0 checked or with just TLS1.0 checked.  Now it only works with SSL3.0 checked and TLS1.0 unchecked.
    Friday, August 5, 2016 3:37 PM
  • I too had the same problem, activating only TLS 1.0 1.1 and 1.2 With GPO did not work, but setting TLS 1.0 manually worked. Changed the GPO to also include SSL 2.0 and 3.0 did the trick. Odd...

    BUT: Now IE falls back to RC4 encryption on som sites, and I do not want that...

    • Edited by RayHell Thursday, August 18, 2016 12:23 PM
    Wednesday, August 17, 2016 11:29 AM
  • Thanks a lot...

    it worked for me.

    Wednesday, November 9, 2016 5:30 AM
  • @Xwinger: Thanks for the specifics of what worked for you. That helped us out here.

    Exactly the scenario on a set of Konica Minolta Bizhub models where the self-signed certificates were accepted on only one print server. Our only control over the SSL connections to the device is to stop using RC4 and DES, but this wasn't enough for IE.

    • Turned OFF TLS 1.0
    • Turned ON SSL 3.0

    This allowed connection to the devices again on the other print servers.

    Thanks!

    Tuesday, November 29, 2016 2:03 PM
  • Be aware of what you are really doing. 

    Read this article:

    "There is consensus across the industry that the RC4 cipher is no longer cryptographically secure, and therefore RC4 support is being removed with this update. With this change, Microsoft Edge and Internet Explorer 11 are aligned with the most recent versions of Google Chrome and Mozilla Firefox."

    Also have a look at the "More Information" section:

    "Update any servers that rely on RC4 ciphers to a more secure cipher suite, which you can find in the most recent priority list of ciphers. If you have the need to do so, you can turn on RC4 support by enabling SSL3."

    So what you are proposing is to support a no longer cryptographically secure RC4 cipher.


    • Edited by MartinMyth Tuesday, May 9, 2017 11:38 AM
    Tuesday, May 9, 2017 10:55 AM
  • Bit Defender's option to scan SSL is what caused the problem. Turning this feature off in web protection settings fixed it immediately. Just wanted to share what worked for me.
    Sunday, May 28, 2017 3:01 PM
  • Update from my site here. Tried all the fixes listed. We had a system with a NIC that got zapped. I had a temporary wireless adapter to replace it on our domain until the replacement arrived. Many sites did not work. Installed the new NIC and everything works.
    Thursday, September 21, 2017 1:09 PM
  • In my case on a windows 2008 R2, beside enabling TLS 1.0, 1.1 and 1.2 on the Browser I enabled TSL 1.0 for Client and server on the registry.

    HKLM\System\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.0\Client  and \Server.

    changed the Enabled Reg_Dword to 1 and problem solved.

    hope this helps

    Jlopez.

    • Proposed as answer by Scott_Ruoff Thursday, September 28, 2017 8:53 PM
    Thursday, September 28, 2017 7:53 PM
  • This fixed our issue, HKLM\System\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client

    Enabled - 1

    Thanks jlopez

    Thursday, September 28, 2017 8:54 PM
  • Windows 10, change:

    HKLM\System\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Client

    DisabledByDefault from 1 to 0

    Friday, April 6, 2018 11:24 AM
  • This is an old posting, but it is still relevant to those SharePoint administrators still supporting legacy SharePoint 2010 systems hosted on Windows Server 2008 having TLS 1.0 and/or 1.1 enabled and TLS 1.2 disabled for legacy compatibility reasons, but operating in an AD environment where GPO disables TLS 1.0 and 1.1 and enables 1.2 for security reasons. I've compiled a listing of key references on the subject to review on the subject for administrators unfamiliar with this issue.

    One thing to keep in mind is that you can enable TLS 1.0 and 1.1 in IE Advanced Settings on the user's machine, to enable that user to connect to the legacy SharePoint 2010 web application, and this will resolve the problem... until the next time GPO is refreshed, which by default is every 15 minutes and which will undo the modifications you made.  To affect a permanent solution to the user's connectivity problem, you need to modify certain TLS-related registry keys on the user's machine.

    Now, not all users may need to connect to a legacy SharePoint 2010 site, and so you can modify the appropriate registry settings for each user on an as-needed basis.  If the legacy site still needs TLS 1.0 enabled,

    1. On the user's machine, backup the entire registry
    2. Go to this registry key
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
    3. and then modify these two settings
      "DisabledByDefault"=dword:00000000
      "Enabled"=dword:00000001
    4. Save and close.  The modifications go into effect immediately.

    References

    Thursday, May 2, 2019 5:34 PM