What is the name of the domain?
What is the error message?
SEC_E_ALGORITHM_MISMATCH, SEC_E_UNSUPPORTED_FUNCTION, SEC_E_ILLEGAL_MESSAGE
What is the issue you’re encountering?
Some Windows 10 users can’t connect to our domain via curl
What steps have you taken to resolve the issue?
After discovering one of the user’s ciphers (all RSA) didn’t match our domain’s (no RSA), I purchased ACM and created a Google cert, which added RSA (according to SSL Labs test). Didn’t work. I should also note that our minimum TLS is set to 1.0, and TLS 1.3 is enabled.
Was the site working with SSL prior to adding it to Cloudflare?
Yes
What is the current SSL/TLS setting?
Full
What are the steps to reproduce the issue?
The error only affects specific Windows 10 users, with specific system settings that I’ve yet to figure out. But as a test I’m having them run four curl commands with URL https://www.syntorial.com, one for each version of TLS. I’ve removed the actual URL from below as Cloudflare states that as a new user I can only post 4 links.
Command: curl -v --tlsv1.3
Response:
Host :443 was resolved.
IPv6: 2606:4700:3037::ac43:a2ac, 2606:4700:3037::6815:f8b
IPv4: 104.21.15.139, 172.67.162.172
Trying [2606:4700:3037::ac43:a2ac]:443…
Connected to (2606:4700:3037::ac43:a2ac) port 443
schannel: disabled automatic use of client certificate
schannel: AcquireCredentialsHandle failed: SEC_E_ALGORITHM_MISMATCH (0x80090331) - The client and server cannot communicate, because they do not possess a common algorithm.
closing connection #0
curl: (35) schannel: AcquireCredentialsHandle failed: SEC_E_ALGORITHM_MISMATCH (0x80090331) - The client and server cannot communicate, because they do not possess a common algorithm.
Command: curl -v --tlsv1.2
Response:
Host :443 was resolved.
IPv6: 2606:4700:3037::ac43:a2ac, 2606:4700:3037::6815:f8b
IPv4: 104.21.15.139, 172.67.162.172
Trying [2606:4700:3037::ac43:a2ac]:443…
Connected to (2606:4700:3037::ac43:a2ac) port 443
schannel: disabled automatic use of client certificate
ALPN: curl offers http/1.1
schannel: next InitializeSecurityContext failed: SEC_E_UNSUPPORTED_FUNCTION (0x80090302) - The function requested is not supported
closing connection #0
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_UNSUPPORTED_FUNCTION (0x80090302) - The function requested is not supported
Command: curl -v --tlsv1.1
Response:
Host :443 was resolved.
IPv6: 2606:4700:3037::ac43:a2ac, 2606:4700:3037::6815:f8b
IPv4: 104.21.15.139, 172.67.162.172
Trying [2606:4700:3037::ac43:a2ac]:443…
Connected to (2606:4700:3037::ac43:a2ac) port 443
schannel: disabled automatic use of client certificate
ALPN: curl offers http/1.1
schannel: next InitializeSecurityContext failed: SEC_E_UNSUPPORTED_FUNCTION (0x80090302) - The function requested is not supported
closing connection #0
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_UNSUPPORTED_FUNCTION (0x80090302) - The function requested is not supported
Command: curl -v --tlsv1.0
Response:
Host :443 was resolved.
IPv6: 2606:4700:3037::ac43:a2ac, 2606:4700:3037::6815:f8b
IPv4: 104.21.15.139, 172.67.162.172
Trying [2606:4700:3037::ac43:a2ac]:443…
Connected to (2606:4700:3037::ac43:a2ac) port 443
schannel: disabled automatic use of client certificate
ALPN: curl offers http/1.1
schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
closing connection #0
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
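Added example, not part of the original post: a small Python parser that reads `curl -v` output like the transcript above and reports, per requested TLS version, which Schannel call failed and whether that call runs locally (before anything from the server is processed) or while handling the server's handshake reply. The function name `triage`, the stage labels and the abridged sample input are assumptions made for illustration.

```python
import re

# Abridged from the curl -v output quoted in the post (connection lines dropped,
# long messages shortened). Sample input constructed for this example.
TRANSCRIPT = """\
Command: curl -v --tlsv1.3
schannel: disabled automatic use of client certificate
schannel: AcquireCredentialsHandle failed: SEC_E_ALGORITHM_MISMATCH (0x80090331) - The client and server cannot communicate
curl: (35) schannel: AcquireCredentialsHandle failed: SEC_E_ALGORITHM_MISMATCH (0x80090331) - The client and server cannot communicate
Command: curl -v --tlsv1.2
ALPN: curl offers http/1.1
schannel: next InitializeSecurityContext failed: SEC_E_UNSUPPORTED_FUNCTION (0x80090302) - The function requested is not supported
Command: curl -v --tlsv1.0
ALPN: curl offers http/1.1
schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received
"""

CMD_RE = re.compile(r"^Command:\s*curl\b.*?--tlsv(\d\.\d)")
ERR_RE = re.compile(
    r"schannel: (?:(initial|next) )?(\w+) failed: (SEC_E_\w+) \((0x[0-9A-Fa-f]{8})\)"
)

# Where each call sits in curl's Schannel connect sequence (labels are this example's own).
STAGES = {
    "AcquireCredentialsHandle": "local",            # credential setup, nothing sent yet
    "initial InitializeSecurityContext": "local",   # building the ClientHello
    "next InitializeSecurityContext": "handshake",  # processing the server's reply
}

def triage(transcript):
    """Return {tls_version: {call, status, code, stage}} for the first error per command."""
    results, current = {}, None
    for line in transcript.splitlines():
        cmd = CMD_RE.search(line)
        if cmd:
            current = cmd.group(1)
            continue
        err = ERR_RE.search(line)
        # curl repeats the error on its final "curl: (35)" line; keep only the first hit.
        if err and current is not None and current not in results:
            step, func, status, code = err.groups()
            call = f"{step} {func}" if step else func
            results[current] = {"call": call, "status": status,
                                "code": int(code, 16), "stage": STAGES.get(call, "unknown")}
    return results

if __name__ == "__main__":
    for version, info in triage(TRANSCRIPT).items():
        print(f"TLS {version}: {info['call']} -> {info['status']} "
              f"(0x{info['code']:08X}), stage={info['stage']}")
```

A `local` result means the failure happened inside the client's Schannel configuration before the server's response was evaluated; a `handshake` result means it occurred while processing what the server sent back.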