Reset Search
 

 

Article

KB28749 - TLS handshake with RC4 is not supported on Windows 8.1 with Internet Explorer 11 browser (MS KB2868725)

« Go Back

Information

 
Last Modified Date8/8/2015 2:04 AM
Synopsis
This article describes an issue with TLS handshake with RC4 is not supported on Windows 8.1 with Internet Explorer 11 browser (MS KB2868725)
Problem or Goal

If the connection setting is set to "Accept only TLS" and the custom cipher suite selection is set to use "RC4" only, the message "Page cannot be displayed" will appear when accessing the Pulse Connect Secure device with Internet Explorer 11 browser on Windows 8.1.

Cause

The issue occurs because Windows 8.1 no longer supports RC4 cipher suites.  Windows 7 and XP operating system will no longer support RC4 if Microsoft update MS KB2868725 is installed.

On a Wireshark capture you will be able to see the Fatal, Description: Handshake failure.

Solution

With the following configuration, the cipher suites below are accepted by Pulse Connect Secure device. 

TLS_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5

However, cipher suites (RC4 with TLS handshake) are no longer supported on Windows 8.1 with Internet Explorer 11 browsers. Also, this will apply to Windows 7 and XP operating systems if Microsoft update MS KB2868725 is installed.

Pulse Secure recommends enabling AES/3DES (168-bit) and AES (128-bit) cipher suites under System > Configuration > Security > SSL Options

The following link at Microsoft technet will provide instructions on how to disable RC4, as it is not supported on the latest browsers.  

http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx

Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255