IE aborts TLS connections made from script when a new SSL context is used

Won’t fix Issue #10104335

Details

Created
Dec 7, 2016
Privacy
This issue is public.
Reports
Reported by 1 person


Steps to reproduce

Given two servers:

1. Server1 (e.g. website server): protected by TLS, does not use TLS client certificate authentication.
2. Server2 (e.g. authentication server): protected by TLS with client certificate authentication enabled.

And a web browser, tested with IE11 (11.0.37).

The login page for a website hosted on server1 uses script behind a button action (i.e. a login button) to make a TLS client auth/HTTP connection to server2.

IE11 will send the client hello, and the server will reply with the server hello, certificate, and certificate request, server hello done. After the browser receives the server messages, the script will abort with SCRIPT7002, error 0x2ee4.

The TLS connection completes if server2 does not prompt for a client certificate (i.e. the typical CORS case).

IE will properly prompt/send the client certificate if server2’s site is typed into the navigation bar.

What’s interesting to note is that the configuration above will work if server1 and server2 are part of the same URL domain (i.e. the PKI authentication is tied to a location directive within a web server configuration rather than a separate site entirely). In those cases, TLS client cert auth takes place as a secure renegotiation, and not a separate SSL session.
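
The server flight described in the report (server hello, certificate, certificate request, server hello done) can be confirmed from a packet capture of the failing connection. The following is an added example, not part of the original issue report: it parses unencrypted TLS handshake records and reports whether a certificate request is present. It assumes TLS 1.2 or earlier, where the server flight is sent in the clear; the sample bytes are constructed, and all function names are hypothetical.

```javascript
// Handshake message types from RFC 5246 (TLS 1.2), section 7.4.
const HANDSHAKE_TYPES = { 2: "server_hello", 11: "certificate",
  12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done" };
// Return the handshake message names, in order, found in raw unencrypted TLS records.
function parseServerFlight(bytes) {
  const chunks = [];
  let off = 0;
  while (off < bytes.length) {
    if (off + 5 > bytes.length) throw new Error("truncated record header");
    const len = (bytes[off + 3] << 8) | bytes[off + 4];
    if (off + 5 + len > bytes.length) throw new Error("truncated record");
    // Content type 22 = handshake. A message may span records, so join payloads first.
    if (bytes[off] === 22) chunks.push(bytes.subarray(off + 5, off + 5 + len));
    off += 5 + len;
  }
  const stream = Buffer.concat(chunks);
  const names = [];
  for (let p = 0; p < stream.length; ) {
    if (p + 4 > stream.length) throw new Error("truncated handshake header");
    const len = stream.readUIntBE(p + 1, 3); // 24-bit body length
    if (p + 4 + len > stream.length) throw new Error("truncated handshake message");
    names.push(HANDSHAKE_TYPES[stream[p]] || `unknown(${stream[p]})`);
    p += 4 + len;
  }
  return names;
}

// True when the server asks for a client certificate in its first flight.
function requestsClientCert(bytes) {
  return parseServerFlight(bytes).includes("certificate_request");
}

// --- Constructed sample input (zero-filled bodies, not a real capture) ---
function hs(type, bodyLen) {            // hypothetical helper: one handshake message
  const b = Buffer.alloc(4 + bodyLen);
  b[0] = type;
  b.writeUIntBE(bodyLen, 1, 3);
  return b;
}
function record(payload) {              // hypothetical helper: wrap in a TLS 1.2 record
  return Buffer.concat([Buffer.from([22, 3, 3, payload.length >> 8, payload.length & 0xff]), payload]);
}
const withCertRequest = Buffer.concat([hs(2, 38), hs(11, 20), hs(13, 8), hs(14, 0)]);
// server2: the flight from the report, split mid-message across two records.
const server2Flight = Buffer.concat([record(withCertRequest.subarray(0, 50)), record(withCertRequest.subarray(50))]);
// server1: same flight without the certificate request.
const server1Flight = record(Buffer.concat([hs(2, 38), hs(11, 20), hs(14, 0)]));
console.log(parseServerFlight(server2Flight).join(", "), requestsClientCert(server2Flight));
console.log(parseServerFlight(server1Flight).join(", "), requestsClientCert(server1Flight));
```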


    Comments and activity

    • This is similar to https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/1282036/, but the expected result of that mixes the TLS and HTTP actions.

    • Microsoft Edge Team

      Changed Assigned To to “Brad E.”

      Changed Assigned To to “Venkat K.”

      Changed Assigned To to “Saty B.”

      Changed Status to “Won’t fix”
