I currently have websites running on IIS8, on Windows 2012 R2 Servers. After this months Microsoft patching we started to get reports of Firefox users not being able to connect to the website and are receiving a "Secure Connection Failed" error message.
* We also utilize a subset of ciphers of allowed ciphers instead of the default.
I have been able to determine:
- That without the recent KB4088879 patch installed, the Firefox error does NOT occur
- With KB4088879 installed, the Firefox error DOES occur
- With KB4088879 installed, and when I disable our restricted cipher listing, and allow all default ciphers, the Firefox error does NOT occur
- With KB4088879 installed, and when I enable our restricted cipher listing, the Firefox error DOES occur
We are trying to determine:
- What may have caused the sudden change in the cipher behavior
- What are possible solutions to remedy the situation, without enabling all the default ciphers as we find that not the best practice given security vulnerabilities against many of the default ciphers