Hi! I'm running Tomcat 7.0.65 with APR connector over port 443. I'm experiencing trouble with users that connect with IE11 over SSL. Connecting and browsing works fine, but sometimes a white screen with this error pops up. Once they disable TLS 1.2 everything works fine:
This page can't be displayed Turn on TLS 1.0, TLS1.1 and TLS 1.2 in Advanced settings and try connecting to https://sub.example.com again. If this error persists, contact your site administrator. Right now I'm using SHA-2 encryption (we moved from SHA-1) with A+ rating on SSLLabs, without any error's. Server.xml configuration. Ciphers following latest intermediate from Mozilla openssl config: <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol" connectionTimeout="6000" maxThreads="500" maxKeepAliveRequests="-1" acceptCount="200" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" enableLookups="false" SSLCertificateFile="C:\server\ssl\server.crt" SSLCertificateKeyFile="C: \server\ssl\private.key" SSLCACertificateFile="C: \server\ssl\intermediate.crt" SSLPassword="passw" SSLProtocol="all -SSLv2-SSLv3" SSLHonorCipherOrder="true" SSLCipherSuite="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:EC DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-S HA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-EC DSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES2 56-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256- SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-A ES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256- GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DE S-CBC3-SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC _SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA: !EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!DHE:!EDH" /> Does anyone have a pointer about what could be wrong with this configuration? Kind regards, Harrie