Solution for “None of the cipher suites supported by the client application are supported by the server”

My SSL requests failed when the client was Windows Server 2003, and the server (a win7 box) showed this error in the event log:

An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

I spent days trying to fix it, trying about twenty different things. In the end, the real solution was to generate the SSL certificates again from scratch, this time forcing RSA and SHA1 (though SHA1 should be the default anyway). I used:

makecert -pe -r -ss my -sr localMachine -n "CN=[domain name or IP address]" -e 01/01/2099 -a sha1 -eku 1.3.6.1.5.5.7.3.1 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

Here is what all the switches mean:

-pe: include private key

-r: self-signed

-ss my: put cert into “Personal” certificate store

-sr localMachine: use local machine’s cert stores (not current user’s)

-n: common name (external IP or domain name of server)

-e: expiry date

-a sha1: use SHA1

-eku 1.3.6.1.5.5.7.3.1: enhanced key usage Object Identifier (OID) for “SSL server certificate”

-sky exchange: cert is for key exchange

-sp "Microsoft RSA SChannel Cryptographic Provider": use RSA

-sy 12: CryptoAPI provider type

For some reason Win Server 2k3 couldn’t or wouldn’t use the right ciphers with a default makecert certificate.
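
To compare a certificate already in the store with one produced by the command above, the following added PowerShell example (not part of the original post) reports the properties those switches control. The function name Get-SchannelCertReport and the MatchesCommand field are hypothetical names chosen for this example; the sha1RSA OID is the standard value and does not come from the post.

```powershell
# Added example (not from the original post): list the certificates in
# LocalMachine\My with the properties the makecert switches above control.
# Run from an elevated PowerShell prompt on the server.
$ServerAuthEku = '1.3.6.1.5.5.7.3.1'      # value of the -eku switch above
$Sha1RsaOid    = '1.2.840.113549.1.1.5'   # sha1RSA signature algorithm (-a sha1)

function Get-SchannelCertReport {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_

        # Collect the EKU OIDs, if the certificate carries an EKU extension.
        $ekus = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekus += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }
        }

        # CspKeyContainerInfo exists only for CryptoAPI (CSP) keys. A CNG key or
        # an inaccessible private key leaves the provider fields empty.
        $info = $null
        if ($cert.HasPrivateKey) {
            try { $info = $cert.PrivateKey.CspKeyContainerInfo } catch { $info = $null }
        }

        $report = New-Object PSObject -Property @{
            Subject            = $cert.Subject
            Thumbprint         = $cert.Thumbprint
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            PublicKeyAlgorithm = $cert.PublicKey.Oid.FriendlyName
            ProviderName       = $(if ($info) { $info.ProviderName })
            ProviderType       = $(if ($info) { $info.ProviderType })
            KeySpec            = $(if ($info) { $info.KeyNumber })
            ServerAuthEku      = ($ekus -contains $ServerAuthEku)
            # True only when every checked property matches the command above.
            MatchesCommand     = ($info -and $info.ProviderType -eq 12 -and
                                  "$($info.KeyNumber)" -eq 'Exchange' -and
                                  $cert.SignatureAlgorithm.Value -eq $Sha1RsaOid -and
                                  ($ekus -contains $ServerAuthEku))
        }
        $report | Select-Object Subject, Thumbprint, SignatureAlgorithm, PublicKeyAlgorithm,
            ProviderName, ProviderType, KeySpec, ServerAuthEku, MatchesCommand
    }
}

Get-SchannelCertReport | Format-List
```

Running it before and after regenerating the certificate shows which of these properties differ between the two.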

Hope this helps someone.