Server does not send "Server Hello" in smart card authentication RRS feed

  • Question

  • I have a web application hosted in two different Windows 2008 R2 servers. The same IE 11 browser is used to browse both urls.

    Both servers are certificate accept enabled in IIS.

    Both of servers only have ssl2.0, ssl3.0, and tlsv1.1 configured in Registrar. 

    One server can initiate "server hello" from IIS to ask for client certificate while another server can not.

    From Wireshark, I can see that the working server uses tlsv1.2 to communicate while failed one uses tlsv1.1.

    How can the working server know to use tlsv1.2?

    What decides tlsv1.1 or v1.2 to be used?

    What can initiate "server hello" handshake from IIS?

    • Edited by DongL Friday, May 5, 2017 3:25 AM
    Friday, May 5, 2017 1:42 AM