Overview:
Due to popular web browsers dropping support for TLS1.0 and TLS1.1 protocol, when you login to EPS console, error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH” appears. This occurs only with EPS Server installed on legacy operating systems (where TLS 1.2 protocol is not enabled/supported).
Applicable Operating System: Microsoft Windows 7 and earlier
Applicable EPS Versions: Thirtyseven4 EPS 7.x
Applicable Browser versions:
- Google Chrome 98.0.4758.102 and above
- Mozilla Firefox 97.0 and above
- Microsoft Edge 98.0.1108.50 and above
Description:
When you log in to the EPS console webpage, the following error prompt appears in the browser.
Reason:
This behavior is due to either the browser or operating system not supporting TLS1.2 protocol.
- Browser: The latest browser versions allows a minimum TLS protocol version of TLS 1.2.
TLS 1.0 and TLS 1.1 are no longer supported. - Operating System: TLS1.2 protocol is disabled/unsupported on legacy Operating Systems.
- TLS 1.2 is disabled by default on Microsoft Windows 7 and 2008 R2
- TLS 1.2 is unsupported on Microsoft Windows Vista, 2003 and XP
Solution:
Thirtyseven4 recommends installing EPS Server on the latest operating system.
Alternatively, you can use the following workarounds:
Workaround 1: Use older web browser versions to access EPS web console.
Workaround 2: Enable TLS 1.2 on Windows 7 and Windows 2008 R2 to access EPS web console on latest browsers.
To enable TLS 1.2, follows these steps,
1. Right-click Start, then select Run. Type regedit in the Open: box, and then select OK. The Registry Editor window appears.
2. In the Registry Editor window, select topmost Computer option.
3. To take backup of the registry, click File > Export. Save the registry file.
Important: In this method, you are editing the registry. This may have detrimental effects on your computer if done incorrectly, so it is strongly recommended to make a backup.
4. In the Registry Editor window, browse to the following registry key.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
5. Right click the Protocols folder. Select New > Key from the drop-down menu.
This creates a new key folder.
6. Rename the new key folder as TLS 1.2.
7. Right click the TLS 1.2 key folder and add a new key in that folder.
8. Rename the new key as Server.
9. Right click the Server key. Select New > DWORD (32-bit) Value from the drop-down list.
10. Rename DWORD to DisabledByDefault.
11. Right-click the name DisabledByDefault and select Modify... from the drop-down menu.
12. Ensure that the Value data field is set to 0 and the Base is Hexadecimal. Click OK.
13. Create another DWORD for the Server key as you did in Step 9.
14. Rename this second DWORD to Enabled.
15. Right-click the name Enabled and select Modify... from the drop-down menu.
16. Ensure that the Value data field is set to 1 and the Base is Hexadecimal. Click OK.
17. Close Registry Editor window.
18. Reboot the server.
(For more details, please refer TLS1.2 section on this Microsoft support document: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn786418(v=ws.11)