Fix for Windows SSL/TLS connection handshake failures




If your apps are returning SEC_E_ILLEGAL_MESSAGE errors when connecting to servers, the cause is the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connection handshake failures that Microsoft recently discovered.

“We address an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections,” Microsoft said. “These connections might have handshake failures. For developers, the affected connections are likely to receive one or more records followed by a partial record with a size of less than 5 bytes within a single input buffer. If the connection fails, your app will receive the error, ‘SEC_E_ILLEGAL_MESSAGE.’”
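The buffer layout Microsoft describes can be checked with a short scanner. The following is an added example, not code from Microsoft or from the original article: it walks the 5-byte TLS record headers (content type, 2-byte version, 2-byte length) in one input buffer and reports whether the buffer ends in a fragment shorter than a header. The function name, enum and sample bytes are hypothetical, and it does not call Schannel.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HEADER_LEN 5  /* content type (1) + version (2) + length (2) */

typedef enum {
    BUF_COMPLETE,        /* buffer ends exactly on a record boundary */
    BUF_PARTIAL_HEADER,  /* 1..4 trailing bytes: less than one record header */
    BUF_PARTIAL_BODY     /* full header present, payload still incomplete */
} buf_state;

/* Walk the TLS records in buf. On return, *records holds the number of
 * complete records and *leftover the number of bytes after the last one. */
buf_state scan_tls_buffer(const uint8_t *buf, size_t len,
                          size_t *records, size_t *leftover)
{
    size_t off = 0;
    *records = 0;
    while (len - off >= TLS_HEADER_LEN) {
        /* Record length is a big-endian 16-bit field at header bytes 3..4. */
        size_t body = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (len - off - TLS_HEADER_LEN < body) {
            *leftover = len - off;
            return BUF_PARTIAL_BODY;
        }
        off += TLS_HEADER_LEN + body;
        (*records)++;
    }
    *leftover = len - off;
    return *leftover ? BUF_PARTIAL_HEADER : BUF_COMPLETE;
}

int main(void)
{
    /* Constructed sample: one complete record with a 2-byte payload,
     * followed by only the first 3 bytes of the next record's header. */
    const uint8_t sample[] = { 0x16, 0x03, 0x03, 0x00, 0x02, 0xAA, 0xBB,
                               0x16, 0x03, 0x03 };
    size_t records, leftover;
    buf_state s = scan_tls_buffer(sample, sizeof sample, &records, &leftover);
    printf("state=%d records=%zu leftover=%zu\n", (int)s, records, leftover);
    return 0;
}
```

Logging this state for each received buffer while reproducing the failure shows whether a SEC_E_ILLEGAL_MESSAGE error coincides with the "one or more records plus a partial record under 5 bytes" pattern.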

The issue affects a handful of Windows client and server releases and editions. For clients, affected systems include Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise 2015 LTSB; Windows 8.1; and Windows 7 SP1. As for affected servers, the list includes Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 SP1.

Fortunately, the company is already offering a fix through an out-of-band non-security update. However, instead of receiving it via Windows Update, Windows Update for Business, or Windows Server Update Services (WSUS), affected users will have to obtain it from the Microsoft Update Catalog. After downloading the update they need, affected users should manually import it into WSUS and Microsoft Endpoint Configuration Manager.

The fix is available in cumulative and standalone updates, but it is not yet offered to all affected Windows releases and editions, particularly Windows 10 2016 LTSB, Windows Server 2016, and Windows 10 2015 LTSB. As of this writing, the only ones covered by the cumulative update are Windows 11, version 21H2; Windows Server 2022; Windows 10 Enterprise LTSC 2019; Windows Server 2019; Windows 10, version 20H2; Windows 10, version 21H1; Windows 10, version 22H1; and Windows 10 Enterprise LTSC 2021. Meanwhile, the standalone update package covers only Windows 8.1, Windows Server 2012 R2, Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2012.
