Hello Team,
Windows 2012 R2 Datacenter with all patches. IIS with SSL and SCEP (NDES) service.
The problem occurs only when the client proposes an SSL RSA cipher suite. With a DH cipher suite everything works fine.
The SCEP communication from my router to IIS/SSL:
- Client Hello with RSA cipher
- Server Hello with RSA cipher + Certificate
- Client sends Client Key Exchange and receives an ACK from the server
- Client sends Change Cipher Spec and...
- Server sends RST
Screenshot from SSL session:
http://tinypic.com/r/m93976/8
The problem is not SCEP related. It can be recreated with any web browser accessing IIS via HTTPS. That web browser should have the RSA cipher suite disabled (in Firefox about:config/ssl). I have tested from a locally installed Firefox to exclude any interference on the network.
Is this a well-known bug? (I cannot find any.) Please advise.
Regards,
Michal Garcarz