M
Mike N
I was unable to display any secure web pages on my laptop - XP SP2.
(Instant "This page cannot be displayed") I don't know when/how it
stopped working. Windows Update works.
I went through the troubleshooting steps at
http://support.microsoft.com/default.aspx?scid=kb;en-us;870700
Including disabling the Windows firewall completely. No luck.
The computer has been connected to the internet via a hardware
firewall and gone only to Microsoft.com so a worm/virus is unlikely.
NEXT - I used a packet sniffer and found that it did not start SSL
negotiation. I went back and actually read the error page, verified
that SSL 2.0, SSL 3.0 were already on. I turned on TLS 1.0. (PCT
1.0 does not show up as an option). Now I can reach some bank web
sites but not others. Other PCs on the same network can get to all
unreachable secure pages.
I repeated the steps in the above KB document, clearing and
resetting everything, setting up a new user, etc but no go.
Q1: I don't think PCT 1.0 is relevant anymore because there was a
recent exploit against it and it was replaced by SSL 3.0.
Q2: Why do I need TLS 1.0 on this system? I don't need to enable
TLS 1.0 on other systems.
Q3: How can I isolate the problem area and be able to reach all
secure sites? There are no relevant error messages in the event
viewer.
(Instant "This page cannot be displayed") I don't know when/how it
stopped working. Windows Update works.
I went through the troubleshooting steps at
http://support.microsoft.com/default.aspx?scid=kb;en-us;870700
Including disabling the Windows firewall completely. No luck.
The computer has been connected to the internet via a hardware
firewall and gone only to Microsoft.com so a worm/virus is unlikely.
NEXT - I used a packet sniffer and found that it did not start SSL
negotiation. I went back and actually read the error page, verified
that SSL 2.0, SSL 3.0 were already on. I turned on TLS 1.0. (PCT
1.0 does not show up as an option). Now I can reach some bank web
sites but not others. Other PCs on the same network can get to all
unreachable secure pages.
I repeated the steps in the above KB document, clearing and
resetting everything, setting up a new user, etc but no go.
Q1: I don't think PCT 1.0 is relevant anymore because there was a
recent exploit against it and it was replaced by SSL 3.0.
Q2: Why do I need TLS 1.0 on this system? I don't need to enable
TLS 1.0 on other systems.
Q3: How can I isolate the problem area and be able to reach all
secure sites? There are no relevant error messages in the event
viewer.