Problem
I noticed that when a letsencrypt-issued certificate is installed on IIS, Windows XP clients (e.g. IE, wininet, winhttp using schannel) are unable to connect. I would like to emphasize that this does not just affect Windows XP users using IE but any application on Windows XP / Windows 2003 which uses Schannel (WinInet, WinHTTP, etc.).
Analysis
SSL Labs: SSL Report: the following ciphers are offered:
letsencrypt certificate:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 256 bits (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 256 bits (eq. 3072 bits RSA) FS 128
Only ciphers with FS are offered.
When a certificate issued from any other CA is used, the ciphers are as follows:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 256 bits (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 256 bits (eq. 3072 bits RSA) FS 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
Notice that ciphers without FS are offered.
Cause
The problem is not with the lack of support of SNI on Windows XP but with the certificate policy. The working certificates allow the following purposes:
Ensures the identity of a remote computer
Proves your identity to a remote computer
1.3.6.1.4.1.36305.6.1.2.2.1
letsencrypt certificate purpose:
Ensures the identity of a remote computer
2.23.140.1.2.1
1.3.6.1.4.1.44947.1.1.1
You will notice that the “Proves your identity to a remote computer” purpose is absent, supposedly blocked by the certificate chain for the letsencrypt-issued certificate. As a result, IIS will disable all non-FS ciphers.
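The reasoning in the Analysis and Cause sections can be checked with a small model. The following script is an added example and is not part of the original post or of any Let's Encrypt or Microsoft code: it computes the effective purposes of a chain as the intersection of the per-certificate EKU sets (how CryptoAPI applies a CA certificate's EKU to what it issues), applies the post's observation that IIS keeps only FS suites when clientAuth is not an effective purpose, and then checks whether a client limited to static RSA key exchange could still negotiate. The cipher suite names are the ones SSL Labs listed above; the intermediate EKU sets are constructed to mirror the post's hypothesis and do not describe any real CA certificate.

```python
# Added example (not from the original post): a small, offline model of the two
# observations above (effective EKU along the chain, and which suites survive).

# Extended Key Usage OIDs (RFC 5280) behind the Windows friendly names in the post.
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"  # "Ensures the identity of a remote computer"
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"  # "Proves your identity to a remote computer"
ANY_EKU = "2.5.29.37.0"            # anyExtendedKeyUsage: imposes no restriction

# Cipher suites exactly as SSL Labs listed them in the post (names only).
ALL_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]


def effective_purposes(chain):
    """chain: EKU OID sets for each certificate, leaf first; None = no EKU extension.
    CryptoAPI treats a CA certificate's EKU as a constraint on everything it
    issues, so the leaf's usable purposes are the intersection along the chain.
    Certificates without an EKU extension (or with anyExtendedKeyUsage) do not
    narrow the set. Returns None when nothing in the chain restricts purposes."""
    effective = None
    for ekus in chain:
        if ekus is None or ANY_EKU in ekus:
            continue
        effective = set(ekus) if effective is None else effective & set(ekus)
    return effective


def has_forward_secrecy(suite):
    # Ephemeral (EC)DH key exchange is what SSL Labs marks as "FS".
    return "_ECDHE_" in suite or "_DHE_" in suite


def offered_suites(purposes):
    """Model of the behaviour described in the post: when clientAuth is not an
    effective purpose of the server certificate, IIS offers only the FS suites."""
    client_auth_ok = purposes is None or CLIENT_AUTH in purposes
    if client_auth_ok:
        return list(ALL_SUITES)
    return [s for s in ALL_SUITES if has_forward_secrecy(s)]


def legacy_schannel_can_connect(suites):
    """Windows XP / Server 2003 Schannel has no ECDHE or DHE_RSA support, so with an
    RSA server certificate it needs at least one static-RSA (TLS_RSA_*) suite."""
    return any(s.startswith("TLS_RSA_WITH_") for s in suites)


# Constructed chains (leaf first). The intermediate EKU sets are assumptions that
# mirror the post's hypothesis, not the contents of any real CA certificate.
CHAIN_BLOCKING_CLIENT_AUTH = [
    {SERVER_AUTH, CLIENT_AUTH},  # leaf: both purposes, as the post reports
    {SERVER_AUTH},               # hypothetical intermediate lacking clientAuth
    None,                        # root with no EKU extension
]
CHAIN_ALLOWING_CLIENT_AUTH = [
    {SERVER_AUTH, CLIENT_AUTH},
    {SERVER_AUTH, CLIENT_AUTH},  # hypothetical intermediate that permits clientAuth
    None,
]


def diagnose(chain):
    """Summarise what a legacy Schannel client would see for a given chain."""
    purposes = effective_purposes(chain)
    suites = offered_suites(purposes)
    return {
        "client_auth": purposes is None or CLIENT_AUTH in purposes,
        "offered": len(suites),
        "xp_can_connect": legacy_schannel_can_connect(suites),
    }


if __name__ == "__main__":
    for name, chain in [("blocking", CHAIN_BLOCKING_CLIENT_AUTH),
                        ("allowing", CHAIN_ALLOWING_CLIENT_AUTH)]:
        print(name, diagnose(chain))
```

With the blocking chain the model leaves only the four ECDHE suites, exactly the list SSL Labs showed for the letsencrypt certificate, and a client that can only do static RSA key exchange has nothing to negotiate; with the allowing chain all eleven suites survive. To apply the same check to a real chain, feed `effective_purposes` the EKU OID sets read from each certificate in the chain (leaf, intermediates, root).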
Solution
The issued certificate allows the “Proves your identity to a remote computer” enhanced key usage, however it seems that a certificate in the chain does block this purpose. Are there any plans to fix this?