The following is an attempt to condense some off-list discussions with SCADA folks about the broken behaviour of some browsers when it comes to interaction with SCADA devices running TLS. tl;dr: Chrome is practically unusable, at the other end of the scale Firefox is fine, and there's something weird happening with IE, possibly due to the use of non-CA-bought certificates.
A disclaimer for the following: This involved a lot of fiddling with server configs to exercise all the different options and recreate what people were reporting, so there may be some anomalies arising from getting a particular combination of browser+server config wrong. I can post a full trace of cipher suites offered and accepted if anyone's interested.

Browser versions:

IE = 11.0.9600.18538
Chrome = 67.0.3396.87
Firefox = last version before they broke all the extensions

DHE + RSA, ECDHE + ECDSA, ECDHE + RSA, RSA only:

Chrome: [Connects correctly]
Firefox: [Connects correctly]
IE: [Does some weird fallback dance where it reconnects using TLS 1.0 several times when the cert is unrecognised and you click OK to accept it, then closes the connection after negotiating DHE at the point where the server has sent its Server Hello Done]

DHE + RSA, ECDHE + ECDSA, RSA only (using RSA server key, so in effect no ECDSA):

Chrome: [Client negotiates non-PFS pure-RSA and ignores PFS DHE, then disconnects after sending/receiving Finished, then reconnects and repeats]
Firefox: [Connects correctly]
IE: [Does some weird fallback dance where it reconnects using TLS 1.0 several times when the cert is unrecognised and you click OK to accept it, then closes the connection after negotiating DHE at the point where the server has sent its Server Hello Done]

DHE + RSA, RSA only:

Chrome: [Client negotiates non-PFS pure-RSA and ignores PFS DHE]
Firefox: [Connects correctly]
IE: [Does some weird fallback dance where it reconnects using TLS 1.0 several times when the cert is unrecognised and you click OK to accept it, then closes the connection after negotiating DHE at the point where the server has sent its Server Hello Done]

DHE + RSA only:

Chrome: [Unable to connect, "The client and server don't support a common SSL protocol version or cipher suite"]
Firefox: [Connects correctly]
IE: [Does some weird fallback dance where it reconnects using TLS 1.0 several times when the cert is unrecognised and you click OK to accept it, then closes the connection after negotiating DHE at the point where the server has sent its Server Hello Done]

Summary:

Most broken browser unless exactly the right cipher suite is available: Chrome
Least broken browser: Firefox (at least for the last proper version they released)

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
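The four server configurations from the post can be replayed offline with a small cipher-suite negotiation model, so an operator can check in advance whether a given device config leaves a client without forward secrecy or with no common suite at all. This is an added example, not code from the post; the "no-DHE client" below is an assumed model chosen to reproduce the Chrome column of the table, not a captured ClientHello, and the server-preference ordering is an assumption too.

```python
from dataclasses import dataclass

PFS_KEX = {"DHE", "ECDHE"}  # key exchanges that give forward secrecy


@dataclass
class Suite:
    kex: str   # "DHE", "ECDHE", or "RSA" (RSA key transport, no PFS)
    auth: str  # "RSA" or "ECDSA": the server certificate key type needed

    def name(self):
        return "RSA" if self.kex == "RSA" else f"{self.kex}-{self.auth}"

    @property
    def pfs(self):
        return self.kex in PFS_KEX


def usable(suite, server_key):
    # An ECDSA-authenticated suite cannot be picked when the server only
    # holds an RSA key: the post's "in effect no ECDSA" situation.
    return suite.auth == server_key


def negotiate(server_suites, client_suites, server_key="RSA"):
    """Server-preference selection (assumed): first usable server suite
    that the client also offers, or None when there is no overlap."""
    for s in server_suites:
        if usable(s, server_key) and s in client_suites:
            return s
    return None


def assess(server_suites, client_suites, server_key="RSA"):
    """Classify the outcome in the same terms the post uses."""
    chosen = negotiate(server_suites, client_suites, server_key)
    if chosen is None:
        return "no common cipher suite"
    pfs_offered = any(s.pfs and usable(s, server_key) for s in server_suites)
    if not chosen.pfs and pfs_offered:
        return f"non-PFS {chosen.name()} although server offers PFS"
    return f"{chosen.name()} ({'PFS' if chosen.pfs else 'no PFS'})"


DHE_RSA, ECDHE_ECDSA = Suite("DHE", "RSA"), Suite("ECDHE", "ECDSA")
ECDHE_RSA, RSA_ONLY = Suite("ECDHE", "RSA"), Suite("RSA", "RSA")

# The four server configs tested in the post, in the order listed there.
SERVER_CONFIGS = {
    "DHE+RSA, ECDHE+ECDSA, ECDHE+RSA, RSA": [DHE_RSA, ECDHE_ECDSA, ECDHE_RSA, RSA_ONLY],
    "DHE+RSA, ECDHE+ECDSA, RSA": [DHE_RSA, ECDHE_ECDSA, RSA_ONLY],
    "DHE+RSA, RSA": [DHE_RSA, RSA_ONLY],
    "DHE+RSA only": [DHE_RSA],
}
# Assumed clients (constructed, not captured): one without DHE, one with it.
NO_DHE_CLIENT = [ECDHE_RSA, ECDHE_ECDSA, RSA_ONLY]
FULL_CLIENT = [ECDHE_RSA, ECDHE_ECDSA, DHE_RSA, RSA_ONLY]


def run_matrix(client):
    return {name: assess(suites, client) for name, suites in SERVER_CONFIGS.items()}
```

Running `run_matrix(NO_DHE_CLIENT)` reproduces the Chrome column (PFS only in the first config, non-PFS RSA in the next two, no connection in the last), while `run_matrix(FULL_CLIENT)` lands on a PFS suite for every config.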