Hello- We have a Apache 2.2.22/ OpenSSL 1.0.0g/ PHP 5.3.10 CAC-enabled website on a government location. We have a few users with Windows 7/IE8 who used to be able to access the site but were unable to after a Microsoft patch (KB2585542 http://support.microsoft.com/kb/2643584 )was pushed.
The server has the following configuration: SSLProtocol -all +SSLv3 +TLSv1 SSLCipherSuite HIGH:MEDIUM SSLHonorCipherOrder on My understanding is that the server should listen for either SSLv3 or TLSv1 protocols. I've been working with a Windows7/ IE8 box to troubleshoot the situation. It seems I can access the Apache site if SSL 3.0 only is enabled in the browser. If TLS 1.0 is enabled, the browser will prompt for a client certificate but will error out "Internet explorer cannot display the webpage" before prompting the user for their PIN. TLS 1.0 needs to be enabled in the browser as other (IIS) sites are TLS only. Can you offer any insight as to why our Apache site is accessible with only SSL 3.0 enabled in the browser???? If you need more information on the issue, please let me know. Thank you. Curtis N. Tammany
